Re: [libvirt PATCH] gitpublish: Add suppresscc option

[Erik Skultety]

On Tue, Sep 19, 2023 at 11:34:19AM +0200, Erik Skultety wrote:
> send-email scans the commit messages to figure out the default set of
> addresses to put into CC, Acked-by/Reviewed-by, etc-by being among
> them. We're quite strict about CC-ing people on libvirt-list, since
> most developers are subscribed to the list anyway. Respect the rule by
> avoiding CCing people solely based on the fact that they've done review
> of any of previous revisions.
> 
> Signed-off-by: Erik Skultety 
> ---
> 
> I noticed this issue when sending 
> https://listman.redhat.com/archives/libvir-list/2023-September/242173.html
> and publish automatically included Dan. I guess I could have overridden the CC
> explicitly to just include my own address and reduce the noise, but was too
> fast to hit send.
> 
>  .gitpublish | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/.gitpublish b/.gitpublish
> index d37bf4174a..457c8c676b 100644
> --- a/.gitpublish
> +++ b/.gitpublish
> @@ -2,3 +2,4 @@
>  base = master
>  to = libvir-list@redhat.com
>  prefix = libvirt PATCH
> +suppresscc = misc-by
> -- 
> 2.41.0
> 

Polite ping. Not sure how many people actually use 'git publish', but this
should help not spamming people with more mails just because they've done a
single round of review for a patch/series.

Erik

Re: [libvirt PATCH 36/42] systemd: Augment Requires/Wants with After

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:34PM +0200, Andrea Bolognani wrote:
> Requires/Wants only tells systemd that the corresponding unit
> should be started when the current one is, but that could very
> well happen in parallel. For virtlogd/virtlockd, we want the
> socket to be already active when the hypervisor driver is
> started.
> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/libxl/meson.build  | 1 +
>  src/qemu/meson.build   | 2 ++
>  src/remote/libvirtd.service.in | 7 ++-
>  3 files changed, 9 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [libvirt PATCH 37/42] systemd: Drop Before=libvirtd from virtlogd/virtlockd

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:35PM +0200, Andrea Bolognani wrote:
> We have already declared the mirror relationship, so this one
> is now redundant.
> 
> Moreover, this version was incomplete: it only ever worked for
> the monolithic daemon, but the modular daemons for QEMU and Xen
> also want the sockets to be active.
> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/locking/virtlockd-admin.socket.in | 1 -
>  src/locking/virtlockd.service.in  | 1 -
>  src/locking/virtlockd.socket.in   | 1 -
>  src/logging/virtlogd-admin.socket.in  | 1 -
>  src/logging/virtlogd.service.in   | 1 -
>  src/logging/virtlogd.socket.in| 1 -
>  6 files changed, 6 deletions(-)

Reviewed-by: Daniel P. Berrangé 

With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [libvirt PATCH 38/42] systemd: Drop Before=foo.service from sockets

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:36PM +0200, Andrea Bolognani wrote:
> systemd will automatically infer this dependency based on the
> socket's Service=foo.service setting.
> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/remote/libvirtd-admin.socket.in | 1 -
>  src/remote/libvirtd-ro.socket.in| 1 -
>  src/remote/libvirtd-tcp.socket.in   | 1 -
>  src/remote/libvirtd-tls.socket.in   | 1 -
>  src/remote/libvirtd.socket.in   | 1 -
>  src/virtd-admin.socket.in   | 1 -
>  src/virtd-ro.socket.in  | 1 -
>  src/virtd-tcp.socket.in | 1 -
>  src/virtd-tls.socket.in | 1 -
>  src/virtd.socket.in | 1 -
>  10 files changed, 10 deletions(-)

Reviewed-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [libvirt PATCH 34/42] systemd: Make modular daemons conflict with libvirtd

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:32PM +0200, Andrea Bolognani wrote:
> We want to make sure that, at any given time, we have either the
> modular daemons or the monolithic one running, never both. In
> order to achieve that, make every single modular unit conflict
> with the corresponding libvirtd unit.
> 
> We set both Conflicts=libvirtd.unit and After=libvirtd.unit: this
> tells systemd that, whenever virtfood.unit and libvirtd.unit are
> part of the same transaction, the former should win out.
> 
> Thanks to this, if both the modular daemons and the monolithic
> one have been enabled because of outdated automation or a simple
> mistake of the administrator, the request to start libvirtd at
> boot will be ignored and the result will be a regular modular
> deployment.
> 
> If the request to start libvirtd is made when the modular daemons
> are already running, we have no way to prevent systemd from
> complying with that request; however, thanks to the way the
> conflict relationship has been declared, they will be shut down
> cleanly before libvirtd is started. From the user's point of
> view, the transition from modular to monolithic will be
> completely transparent: it's basically the same scenario as a
> regular package upgrade, just with an extra twist.
> 
> Note that, while switching from modular to monolithic at runtime
> happens automatically, going back requires manual intervention,
> i.e. starting all the necessary sockets one by one. That's okay:
> the goal here is to prevent misconfiguration and force of habit
> to accidentally disrupt a working setup, not to encourage the
> scenario. In a correctly configured and managed host, it should
> never occur.
> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/virtd-admin.socket.in | 2 ++
>  src/virtd-ro.socket.in| 2 ++
>  src/virtd-tcp.socket.in   | 2 ++
>  src/virtd-tls.socket.in   | 2 ++
>  src/virtd.service.in  | 3 ++-
>  src/virtd.socket.in   | 2 ++
>  6 files changed, 12 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [libvirt PATCH 39/42] systemd: Add Also between sockets

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:37PM +0200, Andrea Bolognani wrote:
> This results in all sockets for a service being enabled when a
> single one of them is.
> 
> The -tcp and -tls sockets are intentionally excluded, because
> enabling them should require explicit action on the
> administrator's part; moreover, disabling them should not result
> in the local sockets being disabled too.
> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/locking/virtlockd-admin.socket.in | 1 +
>  src/locking/virtlockd.socket.in   | 1 +
>  src/logging/virtlogd-admin.socket.in  | 1 +
>  src/logging/virtlogd.socket.in| 1 +
>  src/remote/libvirtd-admin.socket.in   | 2 ++
>  src/remote/libvirtd-ro.socket.in  | 2 ++
>  src/remote/libvirtd.socket.in | 2 ++
>  src/virtd-admin.socket.in | 2 ++
>  src/virtd-ro.socket.in| 2 ++
>  src/virtd.socket.in   | 2 ++
>  10 files changed, 16 insertions(+)

Reviewed-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [libvirt PATCH 40/42] systemd: Drop BindTo/After between sockets

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:38PM +0200, Andrea Bolognani wrote:
> They are unnecessary, since all sockets for a service are now
> enabled as soon as one of them is and each service has a very
> strong dependency on all of its sockets.

You earlier modified  the .service units to have BindsTo= for
each of the sockets it depends to.

Thus if any one of the .sockets is stopped, this means the
.service is stopped too.

The logic removed here though was doing a different job. That
said that that if $FOO.socket  is stopped, it would force stop
the $FOO-admin.socket and $FOO-ro.socket too.

IOW, it prevented having only the RO/admin sockets running,
without the primary socket.

I believe that's still needed

Also, you didn't add BindsTo on the libvirtd.service, because
that has to be able to run without socket activation for
upgrade scenarios. So we shouldn't be modifying the libvirtd
sockets anyway.

> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/locking/virtlockd-admin.socket.in | 2 --
>  src/logging/virtlogd-admin.socket.in  | 2 --
>  src/remote/libvirtd-admin.socket.in   | 2 --
>  src/remote/libvirtd-ro.socket.in  | 2 --
>  src/remote/libvirtd-tcp.socket.in | 2 --
>  src/remote/libvirtd-tls.socket.in | 2 --
>  src/virtd-admin.socket.in | 2 --
>  src/virtd-ro.socket.in| 2 --
>  src/virtd-tcp.socket.in   | 2 --
>  src/virtd-tls.socket.in   | 2 --
>  10 files changed, 20 deletions(-)
> 
> diff --git a/src/locking/virtlockd-admin.socket.in 
> b/src/locking/virtlockd-admin.socket.in
> index 63f78a02da..a773b511bd 100644
> --- a/src/locking/virtlockd-admin.socket.in
> +++ b/src/locking/virtlockd-admin.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=Virtual machine lock manager admin socket
> -BindsTo=virtlockd.socket
> -After=virtlockd.socket
>  
>  [Socket]
>  ListenStream=@runstatedir@/libvirt/virtlockd-admin-sock
> diff --git a/src/logging/virtlogd-admin.socket.in 
> b/src/logging/virtlogd-admin.socket.in
> index 1d18fe6f56..e0d35cbcf3 100644
> --- a/src/logging/virtlogd-admin.socket.in
> +++ b/src/logging/virtlogd-admin.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=Virtual machine log manager socket
> -BindsTo=virtlogd.socket
> -After=virtlogd.socket
>  
>  [Socket]
>  ListenStream=@runstatedir@/libvirt/virtlogd-admin-sock
> diff --git a/src/remote/libvirtd-admin.socket.in 
> b/src/remote/libvirtd-admin.socket.in
> index 6df038d95a..ba060eaea4 100644
> --- a/src/remote/libvirtd-admin.socket.in
> +++ b/src/remote/libvirtd-admin.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=@name@ admin socket
> -BindsTo=libvirtd.socket
> -After=libvirtd.socket
>  
>  [Socket]
>  ListenStream=@runstatedir@/libvirt/libvirt-admin-sock
> diff --git a/src/remote/libvirtd-ro.socket.in 
> b/src/remote/libvirtd-ro.socket.in
> index 6797517c50..d2ab7ba4f2 100644
> --- a/src/remote/libvirtd-ro.socket.in
> +++ b/src/remote/libvirtd-ro.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=@name@ local read-only socket
> -BindsTo=libvirtd.socket
> -After=libvirtd.socket
>  
>  [Socket]
>  ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
> diff --git a/src/remote/libvirtd-tcp.socket.in 
> b/src/remote/libvirtd-tcp.socket.in
> index 8b8fbcd01a..e32daddf25 100644
> --- a/src/remote/libvirtd-tcp.socket.in
> +++ b/src/remote/libvirtd-tcp.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=@name@ non-TLS IP socket
> -BindsTo=libvirtd.socket
> -After=libvirtd.socket
>  
>  [Socket]
>  ListenStream=16509
> diff --git a/src/remote/libvirtd-tls.socket.in 
> b/src/remote/libvirtd-tls.socket.in
> index fefda22c6b..2f34e8e0cd 100644
> --- a/src/remote/libvirtd-tls.socket.in
> +++ b/src/remote/libvirtd-tls.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=@name@ TLS IP socket
> -BindsTo=libvirtd.socket
> -After=libvirtd.socket
>  
>  [Socket]
>  ListenStream=16514
> diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in
> index a4faeb7da8..dc2cb737ce 100644
> --- a/src/virtd-admin.socket.in
> +++ b/src/virtd-admin.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=@name@ admin socket
> -BindsTo=@service@.socket
> -After=@service@.socket
>  Conflicts=libvirtd-admin.socket
>  After=libvirtd-admin.socket
>  @socket_unit_extra@
> diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in
> index 829c2e8b1f..ef1716e3f3 100644
> --- a/src/virtd-ro.socket.in
> +++ b/src/virtd-ro.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=@name@ local read-only socket
> -BindsTo=@service@.socket
> -After=@service@.socket
>  Conflicts=libvirtd-ro.socket
>  After=libvirtd-ro.socket
>  @socket_unit_extra@
> diff --git a/src/virtd-tcp.socket.in b/src/virtd-tcp.socket.in
> index 2873c35135..26ead32789 100644
> --- a/src/virtd-tcp.socket.in
> +++ b/src/virtd-tcp.socket.in
> @@ -1,7 +1,5 @@
>  [Unit]
>  Description=@name@ non-TLS IP socket
> -BindsTo=@service@.socket
> -After=@service@.socket
>  Conflicts=libvirtd-tcp.socket
>  After=libvirtd-tcp.socket
>  @socket_unit

Re: [libvirt PATCH 42/42] systemd: Move Documentation lines

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:40PM +0200, Andrea Bolognani wrote:
> Like the Description, these are intended to be displayed to the
> user, so it makes sense to have them towards the top of the file
> before all the information that systemd will parse to calculate
> dependencies.
> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/locking/virtlockd.service.in | 4 ++--
>  src/logging/virtlogd.service.in  | 4 ++--
>  src/remote/libvirtd.service.in   | 4 ++--
>  src/virtd.service.in | 4 ++--
>  4 files changed, 8 insertions(+), 8 deletions(-)

Reviewed-by: Daniel P. Berrangé 


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [libvirt PATCH 41/42] systemd: Improve and unify unit descriptions

[Daniel P . Berrangé]

On Mon, Sep 25, 2023 at 08:58:39PM +0200, Andrea Bolognani wrote:
> Hypervisors are referred to by their user-facing name rather
> than the name of their libvirt driver, the monolithic daemon is
> explicitly referred to as legacy, and a consistent format is
> used throughout.
> 
> Signed-off-by: Andrea Bolognani 
> ---
>  src/ch/meson.build| 2 +-
>  src/interface/meson.build | 2 +-
>  src/libxl/meson.build | 2 +-
>  src/locking/meson.build   | 2 +-
>  src/locking/virtlockd-admin.socket.in | 2 +-
>  src/locking/virtlockd.service.in  | 2 +-
>  src/locking/virtlockd.socket.in   | 2 +-
>  src/logging/meson.build   | 2 +-
>  src/logging/virtlogd-admin.socket.in  | 2 +-
>  src/logging/virtlogd.service.in   | 2 +-
>  src/logging/virtlogd.socket.in| 2 +-
>  src/lxc/meson.build   | 2 +-
>  src/network/meson.build   | 2 +-
>  src/node_device/meson.build   | 2 +-
>  src/nwfilter/meson.build  | 2 +-
>  src/qemu/meson.build  | 2 +-
>  src/remote/libvirtd-admin.socket.in   | 2 +-
>  src/remote/libvirtd-ro.socket.in  | 2 +-
>  src/remote/libvirtd-tcp.socket.in | 2 +-
>  src/remote/libvirtd-tls.socket.in | 2 +-
>  src/remote/libvirtd.service.in| 2 +-
>  src/remote/libvirtd.socket.in | 2 +-
>  src/remote/meson.build| 4 ++--
>  src/secret/meson.build| 2 +-
>  src/storage/meson.build   | 2 +-
>  src/vbox/meson.build  | 2 +-
>  src/virtd-admin.socket.in | 2 +-
>  src/virtd-ro.socket.in| 2 +-
>  src/virtd-tcp.socket.in   | 2 +-
>  src/virtd-tls.socket.in   | 2 +-
>  src/virtd.service.in  | 2 +-
>  src/virtd.socket.in   | 2 +-
>  src/vz/meson.build| 2 +-
>  33 files changed, 34 insertions(+), 34 deletions(-)
> 

> diff --git a/src/locking/virtlockd-admin.socket.in 
> b/src/locking/virtlockd-admin.socket.in
> index a773b511bd..90077b4915 100644
> --- a/src/locking/virtlockd-admin.socket.in
> +++ b/src/locking/virtlockd-admin.socket.in
> @@ -1,5 +1,5 @@
>  [Unit]
> -Description=Virtual machine lock manager admin socket
> +Description=libvirt @name@ daemon admin socket

Using a subsitution here does not add any value IMHO, it
just obscures the final text. Likewise for the similar
changes that follow.


With regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|

Re: [libvirt PATCH 40/42] systemd: Drop BindTo/After between sockets

[Andrea Bolognani]

On Wed, Sep 27, 2023 at 10:55:04AM +0100, Daniel P. Berrangé wrote:
> On Mon, Sep 25, 2023 at 08:58:38PM +0200, Andrea Bolognani wrote:
> > They are unnecessary, since all sockets for a service are now
> > enabled as soon as one of them is and each service has a very
> > strong dependency on all of its sockets.
>
> You earlier modified  the .service units to have BindsTo= for
> each of the sockets it depends to.
>
> Thus if any one of the .sockets is stopped, this means the
> .service is stopped too.
>
> The logic removed here though was doing a different job. That
> said that that if $FOO.socket  is stopped, it would force stop
> the $FOO-admin.socket and $FOO-ro.socket too.
>
> IOW, it prevented having only the RO/admin sockets running,
> without the primary socket.
>
> I believe that's still needed
>
> Also, you didn't add BindsTo on the libvirtd.service, because
> that has to be able to run without socket activation for
> upgrade scenarios. So we shouldn't be modifying the libvirtd
> sockets anyway.

I'll perform some testing just to make sure, but I think you're right
and I will most likely drop this patch in v2.

-- 
Andrea Bolognani / Red Hat / Virtualization

Re: [libvirt PATCH 41/42] systemd: Improve and unify unit descriptions

[Andrea Bolognani]

On Wed, Sep 27, 2023 at 10:57:13AM +0100, Daniel P. Berrangé wrote:
> On Mon, Sep 25, 2023 at 08:58:39PM +0200, Andrea Bolognani wrote:
> > +++ b/src/locking/virtlockd-admin.socket.in
> > @@ -1,5 +1,5 @@
> >  [Unit]
> > -Description=Virtual machine lock manager admin socket
> > +Description=libvirt @name@ daemon admin socket
>
> Using a subsitution here does not add any value IMHO, it
> just obscures the final text. Likewise for the similar
> changes that follow.

Point taken for libvirtd/virtlogd/virtlockd, which are special and
don't follow the same process as other daemons. I'll drop that part.

-- 
Andrea Bolognani / Red Hat / Virtualization

Re: [libvirt PATCH 0/2] Add vdpablock and nbdkit to NEWS

[Michal Prívozník]

On 9/19/23 22:47, Jonathon Jongsma wrote:
> 
> 
> Jonathon Jongsma (2):
>   news: document support for vdpa block devices
>   news: document nbdkit support for network disks
> 
>  NEWS.rst | 18 ++
>  1 file changed, 18 insertions(+)
> 

Reviewed-by: Michal Privoznik 

Michal

Re: [libvirt PATCH] gitpublish: Add suppresscc option

[Michal Prívozník]

On 9/19/23 11:34, Erik Skultety wrote:
> send-email scans the commit messages to figure out the default set of
> addresses to put into CC, Acked-by/Reviewed-by, etc-by being among
> them. We're quite strict about CC-ing people on libvirt-list, since
> most developers are subscribed to the list anyway. Respect the rule by
> avoiding CCing people solely based on the fact that they've done review
> of any of previous revisions.
> 
> Signed-off-by: Erik Skultety 
> ---
> 
> I noticed this issue when sending 
> https://listman.redhat.com/archives/libvir-list/2023-September/242173.html
> and publish automatically included Dan. I guess I could have overridden the CC
> explicitly to just include my own address and reduce the noise, but was too
> fast to hit send.
> 
>  .gitpublish | 1 +
>  1 file changed, 1 insertion(+)
> 

Reviewed-by: Michal Privoznik 

Michal

[PATCH] hw/rdma: Deprecate the pvrdma device and the rdma subsystem

[Thomas Huth]

This subsystem is said to be in a bad shape (see e.g. [1], [2]
and [3]), and nobody seems to feel responsible to pick up patches
for this and send them via a pull request. For example there is
a patch for a CVE-worthy bug posted more than half a year ago [4]
which has never been merged.

Quoting Markus: "Given the shape it is in, I wouldn't let friends
use it in production" - we shouldn't expose this to our users in
the current state. Thus let's mark it as deprecated and finally
remove it unless somebody steps up and improves the code quality
and adds proper regression tests.

[1] 
https://lore.kernel.org/qemu-devel/20230918144206.560120-1-arm...@redhat.com/
[2] https://lore.kernel.org/qemu-devel/zqnojjoqofu73...@redhat.com/
[3] 
https://lore.kernel.org/qemu-devel/1054981c-e8ae-c676-3b04-eeb030e11...@tls.msk.ru/
[4] 
https://lore.kernel.org/qemu-devel/20230301142926.18686-1-yuval.shaia...@gmail.com/
[5] https://lore.kernel.org/qemu-devel/8734z9f086@pond.sub.org/

Signed-off-by: Thomas Huth 
---
 MAINTAINERS   | 2 +-
 docs/about/deprecated.rst | 8 
 hw/rdma/vmw/pvrdma_main.c | 2 ++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 355b1960ce..ca42b89ef8 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3815,7 +3815,7 @@ F: docs/block-replication.txt
 PVRDMA
 M: Yuval Shaia 
 M: Marcel Apfelbaum 
-S: Maintained
+S: Odd Fixes
 F: hw/rdma/*
 F: hw/rdma/vmw/*
 F: docs/pvrdma.txt
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index dc4da95329..f0c7addb1f 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -365,6 +365,14 @@ QEMU's ``vhost`` feature, which would eliminate the high 
latency costs under
 which the 9p ``proxy`` backend currently suffers. However as of to date nobody
 has indicated plans for such kind of reimplementation unfortunately.
 
+``-device pvrdma`` and the rdma subsystem (since 8.2)
+^
+
+The pvrdma device and the whole rdma subsystem are in a bad shape and
+without active maintenance. The QEMU project intends to remove this
+device and subsystem from the code base in a future release without
+replacement unless somebody steps up and improves the situation.
+
 
 Block device options
 
diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
index 4fc6712025..ed49ce1e72 100644
--- a/hw/rdma/vmw/pvrdma_main.c
+++ b/hw/rdma/vmw/pvrdma_main.c
@@ -601,6 +601,8 @@ static void pvrdma_realize(PCIDevice *pdev, Error **errp)
 bool ram_shared = false;
 PCIDevice *func0;
 
+warn_report_once("pvrdma is deprecated and will be removed in a future 
release");
+
 rdma_info_report("Initializing device %s %x.%x", pdev->name,
  PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
 
-- 
2.41.0

Re: [PATCH] virsh: Account for return values in virNodeGetFreePages

[Michal Prívozník]

On 9/26/23 15:56, Martin Kletzander wrote:
> The function returns how many array items were filled in, but virsh
> never checked for anything other than errors.  Just to make sure this
> does not report invalid data, even though the only possibility would be
> reporting 0 free pages, check the returned data so that possible errors
> are detected.
> 
> Signed-off-by: Martin Kletzander 
> ---
>  tools/virsh-host.c | 28 ++--
>  1 file changed, 22 insertions(+), 6 deletions(-)

Yeah. This should never happen though (at least in real life
conditions), because our virHostMemGetFreePages() either fills
everything or returns an error. But the way our public API is documented
warrants having this in.

Reviewed-by: Michal Privoznik 

Michal

Re: [libvirt PATCH 34/42] systemd: Make modular daemons conflict with libvirtd

[Andrea Bolognani]

On Mon, Sep 25, 2023 at 08:58:32PM +0200, Andrea Bolognani wrote:
> +++ b/src/virtd-tls.socket.in
> @@ -3,6 +3,8 @@ Description=@name@ TLS IP socket
>  Before=@service@.service
>  BindsTo=@service@.socket
>  After=@service@.socket
> +Conflicts=libvirt-tls.socket
> +After=libvirt-tls.socket
>  @socket_unit_extra@

These should obviously have been libvirt*d*-tls.socket.

-- 
Andrea Bolognani / Red Hat / Virtualization

[libvirt PATCH v2 15/33] systemd: Switch virtvzd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/vz/meson.build  |  5 +
 src/vz/virtvzd.service.extra.in |  2 ++
 src/vz/virtvzd.service.in   | 26 --
 3 files changed, 3 insertions(+), 30 deletions(-)
 create mode 100644 src/vz/virtvzd.service.extra.in
 delete mode 100644 src/vz/virtvzd.service.in

diff --git a/src/vz/meson.build b/src/vz/meson.build
index 9c2eb90463..842cdb6136 100644
--- a/src/vz/meson.build
+++ b/src/vz/meson.build
@@ -48,11 +48,8 @@ if conf.has('WITH_VZ')
 
   virt_daemon_units += {
 'service': 'virtvzd',
-'service_in': files('virtvzd.service.in'),
 'name': 'Libvirt vz',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
+'service_extra_in': files('virtvzd.service.extra.in'),
   }
 
   openrc_init_files += {
diff --git a/src/vz/virtvzd.service.extra.in b/src/vz/virtvzd.service.extra.in
new file mode 100644
index 00..ba3ad13ace
--- /dev/null
+++ b/src/vz/virtvzd.service.extra.in
@@ -0,0 +1,2 @@
+[Unit]
+After=remote-fs.target
diff --git a/src/vz/virtvzd.service.in b/src/vz/virtvzd.service.in
deleted file mode 100644
index 5521e89e10..00
--- a/src/vz/virtvzd.service.in
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Virtualization vz daemon
-Conflicts=libvirtd.service
-Requires=virtvzd.socket
-Requires=virtvzd-ro.socket
-Requires=virtvzd-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-After=remote-fs.target
-Documentation=man:virtvzd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTVZD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtvzd
-ExecStart=@sbindir@/virtvzd $VIRTVZD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtvzd.socket
-Also=virtvzd-ro.socket
-Also=virtvzd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 09/33] systemd: Switch virtinterfaced to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/interface/meson.build   |  4 
 src/interface/virtinterfaced.service.in | 25 -
 2 files changed, 29 deletions(-)
 delete mode 100644 src/interface/virtinterfaced.service.in

diff --git a/src/interface/meson.build b/src/interface/meson.build
index 6fa65117c3..54c0b1a935 100644
--- a/src/interface/meson.build
+++ b/src/interface/meson.build
@@ -44,11 +44,7 @@ if conf.has('WITH_INTERFACE')
 
   virt_daemon_units += {
 'service': 'virtinterfaced',
-'service_in': files('virtinterfaced.service.in'),
 'name': 'Libvirt interface',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/interface/virtinterfaced.service.in 
b/src/interface/virtinterfaced.service.in
deleted file mode 100644
index 5cb2cd19dc..00
--- a/src/interface/virtinterfaced.service.in
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Virtualization interface daemon
-Conflicts=libvirtd.service
-Requires=virtinterfaced.socket
-Requires=virtinterfaced-ro.socket
-Requires=virtinterfaced-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-Documentation=man:virtinterfaced(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTINTERFACED_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtinterfaced
-ExecStart=@sbindir@/virtinterfaced $VIRTINTERFACED_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtinterfaced.socket
-Also=virtinterfaced-ro.socket
-Also=virtinterfaced-admin.socket
-- 
2.41.0

[libvirt PATCH v2 30/33] systemd: Add Also between sockets

[Andrea Bolognani]

This results in all sockets for a service being enabled when a
single one of them is.

The -tcp and -tls sockets are intentionally excluded, because
enabling them should require explicit action on the
administrator's part; moreover, disabling them should not result
in the local sockets being disabled too.

Signed-off-by: Andrea Bolognani 
---
 src/locking/virtlockd-admin.socket.in | 1 +
 src/locking/virtlockd.socket.in   | 1 +
 src/logging/virtlogd-admin.socket.in  | 1 +
 src/logging/virtlogd.socket.in| 1 +
 src/remote/libvirtd-admin.socket.in   | 2 ++
 src/remote/libvirtd-ro.socket.in  | 2 ++
 src/remote/libvirtd.socket.in | 2 ++
 src/virtd-admin.socket.in | 2 ++
 src/virtd-ro.socket.in| 2 ++
 src/virtd.socket.in   | 2 ++
 10 files changed, 16 insertions(+)

diff --git a/src/locking/virtlockd-admin.socket.in 
b/src/locking/virtlockd-admin.socket.in
index d5ebd7f60b..d05ba982d9 100644
--- a/src/locking/virtlockd-admin.socket.in
+++ b/src/locking/virtlockd-admin.socket.in
@@ -10,3 +10,4 @@ SocketMode=0600
 
 [Install]
 WantedBy=sockets.target
+Also=virtlockd.socket
diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
index d2cc2a06a3..98aabb2511 100644
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@@ -8,3 +8,4 @@ SocketMode=0600
 
 [Install]
 WantedBy=sockets.target
+Also=virtlockd-admin.socket
diff --git a/src/logging/virtlogd-admin.socket.in 
b/src/logging/virtlogd-admin.socket.in
index 67259803ca..75ec7bd5fa 100644
--- a/src/logging/virtlogd-admin.socket.in
+++ b/src/logging/virtlogd-admin.socket.in
@@ -10,3 +10,4 @@ SocketMode=0600
 
 [Install]
 WantedBy=sockets.target
+Also=virtlogd.socket
diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
index 7b3fc73773..b044d62e7c 100644
--- a/src/logging/virtlogd.socket.in
+++ b/src/logging/virtlogd.socket.in
@@ -8,3 +8,4 @@ SocketMode=0600
 
 [Install]
 WantedBy=sockets.target
+Also=virtlogd-admin.socket
diff --git a/src/remote/libvirtd-admin.socket.in 
b/src/remote/libvirtd-admin.socket.in
index 098e372971..6df038d95a 100644
--- a/src/remote/libvirtd-admin.socket.in
+++ b/src/remote/libvirtd-admin.socket.in
@@ -10,3 +10,5 @@ SocketMode=0600
 
 [Install]
 WantedBy=sockets.target
+Also=libvirtd.socket
+Also=libvirtd-ro.socket
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
index 101555e8a0..6797517c50 100644
--- a/src/remote/libvirtd-ro.socket.in
+++ b/src/remote/libvirtd-ro.socket.in
@@ -10,3 +10,5 @@ SocketMode=0666
 
 [Install]
 WantedBy=sockets.target
+Also=libvirtd.socket
+Also=libvirtd-admin.socket
diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
index 3019821df3..f483facdf3 100644
--- a/src/remote/libvirtd.socket.in
+++ b/src/remote/libvirtd.socket.in
@@ -9,3 +9,5 @@ RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
+Also=libvirtd-ro.socket
+Also=libvirtd-admin.socket
diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in
index 63db2be5fe..5a5f577041 100644
--- a/src/virtd-admin.socket.in
+++ b/src/virtd-admin.socket.in
@@ -12,3 +12,5 @@ SocketMode=0600
 
 [Install]
 WantedBy=sockets.target
+Also=@service@.socket
+Also=@service@-ro.socket
diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in
index 32e4789b8b..692279665d 100644
--- a/src/virtd-ro.socket.in
+++ b/src/virtd-ro.socket.in
@@ -12,3 +12,5 @@ SocketMode=0666
 
 [Install]
 WantedBy=sockets.target
+Also=@service@.socket
+Also=@service@-admin.socket
diff --git a/src/virtd.socket.in b/src/virtd.socket.in
index d0a0bb3b1c..7a8c4bf0c2 100644
--- a/src/virtd.socket.in
+++ b/src/virtd.socket.in
@@ -11,3 +11,5 @@ RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
+Also=@service@-ro.socket
+Also=@service@-admin.socket
-- 
2.41.0

[libvirt PATCH v2 19/33] systemd: Switch virtqemud to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/qemu/meson.build|  5 +--
 src/qemu/virtqemud.service.extra.in | 28 +
 src/qemu/virtqemud.service.in   | 48 -
 3 files changed, 29 insertions(+), 52 deletions(-)
 create mode 100644 src/qemu/virtqemud.service.extra.in
 delete mode 100644 src/qemu/virtqemud.service.in

diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index b52497bdf0..1afc301a6d 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -183,11 +183,8 @@ if conf.has('WITH_QEMU')
 
   virt_daemon_units += {
 'service': 'virtqemud',
-'service_in': files('virtqemud.service.in'),
 'name': 'Libvirt qemu',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
+'service_extra_in': files('virtqemud.service.extra.in'),
   }
 
   openrc_init_files += {
diff --git a/src/qemu/virtqemud.service.extra.in 
b/src/qemu/virtqemud.service.extra.in
new file mode 100644
index 00..eaf616f575
--- /dev/null
+++ b/src/qemu/virtqemud.service.extra.in
@@ -0,0 +1,28 @@
+[Unit]
+Requires=virtlogd.socket
+Wants=virtlockd.socket
+Wants=systemd-machined.service
+After=systemd-machined.service
+After=remote-fs.target
+
+[Service]
+KillMode=process
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFILE=1024:524288
+# The cgroups pids controller can limit the number of tasks started by
+# the daemon, which can limit the number of domains for some hypervisors.
+# A conservative default of 8 tasks per guest results in a TasksMax of
+# 32k to support 4096 guests.
+TasksMax=32768
+# With cgroups v2 there is no devices controller anymore, we have to use
+# eBPF to control access to devices. In order to do that we create a eBPF
+# hash MAP which locks memory. The default map size for 64 devices together
+# with program takes 12k per guest. After rounding up we will get 64M to
+# support 4096 guests.
+LimitMEMLOCK=64M
+
+[Install]
+Also=virtlogd.socket
+Also=virtlockd.socket
diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in
deleted file mode 100644
index e79670ca95..00
--- a/src/qemu/virtqemud.service.in
+++ /dev/null
@@ -1,48 +0,0 @@
-[Unit]
-Description=Virtualization qemu daemon
-Conflicts=libvirtd.service
-Requires=virtlogd.socket
-Requires=virtqemud.socket
-Requires=virtqemud-ro.socket
-Requires=virtqemud-admin.socket
-Wants=virtlockd.socket
-Wants=systemd-machined.service
-After=network.target
-After=dbus.service
-After=apparmor.service
-After=remote-fs.target
-After=systemd-machined.service
-Documentation=man:virtqemud(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTQEMUD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtqemud
-ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-# Raise hard limits to match behaviour of systemd >= 240.
-# During startup, daemon will set soft limit to match hard limit
-# per systemd recommendations
-LimitNOFILE=1024:524288
-# The cgroups pids controller can limit the number of tasks started by
-# the daemon, which can limit the number of domains for some hypervisors.
-# A conservative default of 8 tasks per guest results in a TasksMax of
-# 32k to support 4096 guests.
-TasksMax=32768
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices.  In order to do that we create a eBPF
-# hash MAP which locks memory.  The default map size for 64 devices together
-# with program takes 12k per guest.  After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
-
-[Install]
-WantedBy=multi-user.target
-Also=virtlogd.socket
-Also=virtlockd.socket
-Also=virtqemud.socket
-Also=virtqemud-ro.socket
-Also=virtqemud-admin.socket
-- 
2.41.0

[libvirt PATCH v2 00/33] systemd: Improve units for services and sockets

[Andrea Bolognani]

A grab bag of changes, ranging from very much functional ones
to purely aesthetical ones.

Changes from [v1]

  * patches 01-11 from the original series have been pushed;

  * patch 40 from the original series has been dropped;

  * patches 02 (cosmetic) and 31 (bug fix) have been added;

  * the templating mechanism has been completely overhauled, and
now uses a Python script for performing service-specific unit
customizations instead of meson's built-in templating
capabilities;

  * as a result of the above, service-specific customizations are now
stored in specific foo.{service,socket}.extra.in files instead of
meson.build;

  * various other tweaks in response to review feedback.

[v1] https://listman.redhat.com/archives/libvir-list/2023-September/242288.html

Andrea Bolognani (33):
  systemd: Drop Conflicts from virtproxyd sockets
  systemd: Introduce service_in/service_out variables
  systemd: Make @service_in@ optional
  systemd: Introduce temporary libvirtd_socket*_in values
  systemd: Provide all input files explicitly
  systemd: Introduce common templates
  systemd: Use common templates by default
  systemd: Switch virtnodedevd to common templates
  systemd: Switch virtinterfaced to common templates
  systemd: Switch virtnwfilterd to common templates
  systemd: Switch virtsecretd to common templates
  systemd: Switch virtnetworkd to common templates
  systemd: Switch virtstoraged to common templates
  systemd: Switch virtvboxd to common templates
  systemd: Switch virtvzd to common templates
  systemd: Switch virtchd to common templates
  systemd: Switch virtxend to common templates
  systemd: Switch virtlxcd to common templates
  systemd: Switch virtqemud to common templates
  systemd: Switch virtproxyd to common templates
  systemd: Drop libvirtd_socket*_in values
  systemd: Drop @deps@
  systemd: Drop parametrization from libvirtd sockets
  systemd: Make modular daemons conflict with libvirtd
  systemd: Replace Requires with BindTo+After for main socket
  systemd: Downgrade read-only/admin sockets to Wants
  systemd: Augment Requires/Wants with After
  systemd: Drop Before=libvirtd from virtlogd/virtlockd
  systemd: Drop Before=foo.service from sockets
  systemd: Add Also between sockets
  systemd: Add RemoveOnStop=yes to all sockets
  systemd: Improve and unify unit descriptions
  systemd: Move Documentation lines

 scripts/merge-systemd-units.py| 91 +++
 scripts/meson.build   |  1 +
 src/ch/meson.build|  4 +-
 src/ch/virtchd.service.extra.in   | 22 +
 src/ch/virtchd.service.in | 44 -
 src/interface/meson.build |  3 +-
 src/interface/virtinterfaced.service.in   | 25 -
 src/libxl/meson.build |  6 +-
 src/libxl/virtxend.service.extra.in   | 13 +++
 src/libxl/virtxend.service.in | 32 ---
 src/libxl/virtxend.socket.extra.in|  2 +
 src/locking/meson.build   |  2 +-
 src/locking/virtlockd-admin.socket.in |  5 +-
 src/locking/virtlockd.service.in  | 11 ++-
 src/locking/virtlockd.socket.in   |  5 +-
 src/logging/meson.build   |  2 +-
 src/logging/virtlogd-admin.socket.in  |  5 +-
 src/logging/virtlogd.service.in   | 11 ++-
 src/logging/virtlogd.socket.in|  5 +-
 src/lxc/meson.build   |  4 +-
 src/lxc/virtlxcd.service.extra.in | 22 +
 src/lxc/virtlxcd.service.in   | 44 -
 src/meson.build   | 41 +++--
 src/network/meson.build   |  4 +-
 src/network/virtnetworkd.service.extra.in |  2 +
 src/network/virtnetworkd.service.in   | 26 --
 src/node_device/meson.build   |  3 +-
 src/node_device/virtnodedevd.service.in   | 25 -
 src/nwfilter/meson.build  |  3 +-
 src/nwfilter/virtnwfilterd.service.in | 25 -
 src/qemu/meson.build  |  4 +-
 src/qemu/virtqemud.service.extra.in   | 30 ++
 src/qemu/virtqemud.service.in | 48 --
 src/remote/libvirtd-admin.socket.in   | 15 +--
 src/remote/libvirtd-ro.socket.in  | 15 +--
 src/remote/libvirtd-tcp.socket.in | 10 +-
 src/remote/libvirtd-tls.socket.in | 10 +-
 src/remote/libvirtd.service.in| 13 ++-
 src/remote/libvirtd.socket.in | 10 +-
 src/remote/meson.build| 13 +--
 src/remote/virtproxyd.service.in  | 25 -
 src/secret/meson.build|  3 +-
 src/secret/virtsecretd.service.in | 25 -
 src/storage/meson.build   |  4 +-
 src/storage/virtstoraged.service.extra.in |  3 +
 src/storage/virtstoraged.service.in   | 2

[libvirt PATCH v2 01/33] systemd: Drop Conflicts from virtproxyd sockets

[Andrea Bolognani]

The idea behind these is to prevent running both modular daemons
and monolithic daemon at the same time. We will implement a more
effective solution for that shortly.

Signed-off-by: Andrea Bolognani 
---
 src/remote/meson.build | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/remote/meson.build b/src/remote/meson.build
index eb4f7a0068..dc2f528d0b 100644
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -128,8 +128,6 @@ libvirtd_socket_unit_files = [
   'libvirtd-tls.socket',
 ]
 
-libvirtd_socket_conflicts = ' '.join(libvirtd_socket_unit_files)
-
 logrotate_files = [
   'libvirtd.qemu',
   'libvirtd.lxc',
@@ -225,7 +223,6 @@ if conf.has('WITH_REMOTE')
   'name': 'Libvirt proxy',
   'sockprefix': 'libvirt',
   'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],
-  'deps': 'Conflicts=' + libvirtd_socket_conflicts,
 }
 
 openrc_init_files += {
-- 
2.41.0

[libvirt PATCH v2 24/33] systemd: Make modular daemons conflict with libvirtd

[Andrea Bolognani]

We want to make sure that, at any given time, we have either the
modular daemons or the monolithic one running, never both. In
order to achieve that, make every single modular unit conflict
with the corresponding libvirtd unit.

We set both Conflicts=libvirtd.unit and After=libvirtd.unit: this
tells systemd that, whenever virtfood.unit and libvirtd.unit are
part of the same transaction, the former should win out.

Thanks to this, if both the modular daemons and the monolithic
one have been enabled because of outdated automation or a simple
mistake of the administrator, the request to start libvirtd at
boot will be ignored and the result will be a regular modular
deployment.

If the request to start libvirtd is made when the modular daemons
are already running, we have no way to prevent systemd from
complying with that request; however, thanks to the way the
conflict relationship has been declared, they will be shut down
cleanly before libvirtd is started. From the user's point of
view, the transition from modular to monolithic will be
completely transparent: it's basically the same scenario as a
regular package upgrade, just with an extra twist.

Note that, while switching from modular to monolithic at runtime
happens automatically, going back requires manual intervention,
i.e. starting all the necessary sockets one by one. That's okay:
the goal here is to prevent misconfiguration and force of habit
to accidentally disrupt a working setup, not to encourage the
scenario. In a correctly configured and managed host, it should
never occur.

Signed-off-by: Andrea Bolognani 
Reviewed-by: Daniel P. Berrangé 
---
 src/virtd-admin.socket.in | 2 ++
 src/virtd-ro.socket.in| 2 ++
 src/virtd-tcp.socket.in   | 2 ++
 src/virtd-tls.socket.in   | 2 ++
 src/virtd.service.in  | 3 ++-
 src/virtd.socket.in   | 2 ++
 6 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in
index 39bb0badea..42cc1f670f 100644
--- a/src/virtd-admin.socket.in
+++ b/src/virtd-admin.socket.in
@@ -3,6 +3,8 @@ Description=@name@ admin socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
+Conflicts=libvirtd-admin.socket
+After=libvirtd-admin.socket
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock
diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in
index b7b7ae0dd8..7b8cbdba20 100644
--- a/src/virtd-ro.socket.in
+++ b/src/virtd-ro.socket.in
@@ -3,6 +3,8 @@ Description=@name@ local read-only socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
+Conflicts=libvirtd-ro.socket
+After=libvirtd-ro.socket
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro
diff --git a/src/virtd-tcp.socket.in b/src/virtd-tcp.socket.in
index 7c8bcdb525..9fe90ed0a0 100644
--- a/src/virtd-tcp.socket.in
+++ b/src/virtd-tcp.socket.in
@@ -3,6 +3,8 @@ Description=@name@ non-TLS IP socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
+Conflicts=libvirtd-tcp.socket
+After=libvirtd-tcp.socket
 
 [Socket]
 ListenStream=16509
diff --git a/src/virtd-tls.socket.in b/src/virtd-tls.socket.in
index c6dceb2d4e..bb89daddb5 100644
--- a/src/virtd-tls.socket.in
+++ b/src/virtd-tls.socket.in
@@ -3,6 +3,8 @@ Description=@name@ TLS IP socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
+Conflicts=libvirtd-tls.socket
+After=libvirtd-tls.socket
 
 [Socket]
 ListenStream=16514
diff --git a/src/virtd.service.in b/src/virtd.service.in
index 76f9c60351..60ab122cbc 100644
--- a/src/virtd.service.in
+++ b/src/virtd.service.in
@@ -1,9 +1,10 @@
 [Unit]
 Description=@name@ daemon
-Conflicts=libvirtd.service
 Requires=@service@.socket
 Requires=@service@-ro.socket
 Requires=@service@-admin.socket
+Conflicts=libvirtd.service
+After=libvirtd.service
 After=network.target
 After=dbus.service
 After=apparmor.service
diff --git a/src/virtd.socket.in b/src/virtd.socket.in
index aec0708fd4..053dc1c782 100644
--- a/src/virtd.socket.in
+++ b/src/virtd.socket.in
@@ -1,6 +1,8 @@
 [Unit]
 Description=@name@ local socket
 Before=@service@.service
+Conflicts=libvirtd.socket
+After=libvirtd.socket
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/@sockprefix@-sock
-- 
2.41.0

[libvirt PATCH v2 08/33] systemd: Switch virtnodedevd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/node_device/meson.build |  4 
 src/node_device/virtnodedevd.service.in | 25 -
 2 files changed, 29 deletions(-)
 delete mode 100644 src/node_device/virtnodedevd.service.in

diff --git a/src/node_device/meson.build b/src/node_device/meson.build
index dd60b1f819..2614ff8b9c 100644
--- a/src/node_device/meson.build
+++ b/src/node_device/meson.build
@@ -52,11 +52,7 @@ if conf.has('WITH_NODE_DEVICES')
 
   virt_daemon_units += {
 'service': 'virtnodedevd',
-'service_in': files('virtnodedevd.service.in'),
 'name': 'Libvirt nodedev',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/node_device/virtnodedevd.service.in 
b/src/node_device/virtnodedevd.service.in
deleted file mode 100644
index 2ac41db32e..00
--- a/src/node_device/virtnodedevd.service.in
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Virtualization nodedev daemon
-Conflicts=libvirtd.service
-Requires=virtnodedevd.socket
-Requires=virtnodedevd-ro.socket
-Requires=virtnodedevd-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-Documentation=man:virtnodedevd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTNODEDEVD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtnodedevd
-ExecStart=@sbindir@/virtnodedevd $VIRTNODEDEVD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtnodedevd.socket
-Also=virtnodedevd-ro.socket
-Also=virtnodedevd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 20/33] systemd: Switch virtproxyd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/remote/meson.build   |  6 --
 src/remote/virtproxyd.service.in | 25 -
 2 files changed, 31 deletions(-)
 delete mode 100644 src/remote/virtproxyd.service.in

diff --git a/src/remote/meson.build b/src/remote/meson.build
index 78c08bf5ad..5ee6d4e61c 100644
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -224,15 +224,9 @@ if conf.has('WITH_REMOTE')
 
 virt_daemon_units += {
   'service': 'virtproxyd',
-  'service_in': files('virtproxyd.service.in'),
   'name': 'Libvirt proxy',
   'sockprefix': 'libvirt',
   'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],
-  'socket_in': files('libvirtd.socket.in'),
-  'socket_ro_in': files('libvirtd-ro.socket.in'),
-  'socket_admin_in': files('libvirtd-admin.socket.in'),
-  'socket_tcp_in': files('libvirtd-tcp.socket.in'),
-  'socket_tls_in': files('libvirtd-tls.socket.in'),
 }
 
 openrc_init_files += {
diff --git a/src/remote/virtproxyd.service.in b/src/remote/virtproxyd.service.in
deleted file mode 100644
index 9b829641f7..00
--- a/src/remote/virtproxyd.service.in
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Virtualization daemon
-Conflicts=libvirtd.service
-Requires=virtproxyd.socket
-Requires=virtproxyd-ro.socket
-Requires=virtproxyd-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-Documentation=man:virtproxyd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTPROXYD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtproxyd
-ExecStart=@sbindir@/virtproxyd $VIRTPROXYD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtproxyd.socket
-Also=virtproxyd-ro.socket
-Also=virtproxyd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 16/33] systemd: Switch virtchd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/ch/meson.build  |  5 +---
 src/ch/virtchd.service.extra.in | 22 +
 src/ch/virtchd.service.in   | 44 -
 3 files changed, 23 insertions(+), 48 deletions(-)
 create mode 100644 src/ch/virtchd.service.extra.in
 delete mode 100644 src/ch/virtchd.service.in

diff --git a/src/ch/meson.build b/src/ch/meson.build
index dc08069dcd..0ef7288257 100644
--- a/src/ch/meson.build
+++ b/src/ch/meson.build
@@ -57,11 +57,8 @@ if conf.has('WITH_CH')
 
   virt_daemon_units += {
 'service': 'virtchd',
-'service_in': files('virtchd.service.in'),
 'name': 'Libvirt ch',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
+'service_extra_in': files('virtchd.service.extra.in'),
   }
 
   virt_install_dirs += [
diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in
new file mode 100644
index 00..bc2fef57cc
--- /dev/null
+++ b/src/ch/virtchd.service.extra.in
@@ -0,0 +1,22 @@
+[Unit]
+Wants=systemd-machined.service
+After=systemd-machined.service
+After=remote-fs.target
+
+[Service]
+KillMode=process
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFILE=1024:524288
+# The cgroups pids controller can limit the number of tasks started by
+# the daemon, which can limit the number of domains for some hypervisors.
+# A conservative default of 8 tasks per guest results in a TasksMax of
+# 32k to support 4096 guests.
+TasksMax=32768
+# With cgroups v2 there is no devices controller anymore, we have to use
+# eBPF to control access to devices. In order to do that we create a eBPF
+# hash MAP which locks memory. The default map size for 64 devices together
+# with program takes 12k per guest. After rounding up we will get 64M to
+# support 4096 guests.
+LimitMEMLOCK=64M
diff --git a/src/ch/virtchd.service.in b/src/ch/virtchd.service.in
deleted file mode 100644
index 351eee312b..00
--- a/src/ch/virtchd.service.in
+++ /dev/null
@@ -1,44 +0,0 @@
-[Unit]
-Description=Virtualization Cloud-Hypervisor daemon
-Conflicts=libvirtd.service
-Requires=virtchd.socket
-Requires=virtchd-ro.socket
-Requires=virtchd-admin.socket
-Wants=systemd-machined.service
-After=network.target
-After=dbus.service
-After=apparmor.service
-After=remote-fs.target
-After=systemd-machined.service
-Documentation=man:virtchd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTCHD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtchd
-ExecStart=@sbindir@/virtchd $VIRTCHD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-# Raise hard limits to match behaviour of systemd >= 240.
-# During startup, daemon will set soft limit to match hard limit
-# per systemd recommendations
-LimitNOFILE=1024:524288
-# The cgroups pids controller can limit the number of tasks started by
-# the daemon, which can limit the number of domains for some hypervisors.
-# A conservative default of 8 tasks per guest results in a TasksMax of
-# 32k to support 4096 guests.
-TasksMax=32768
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices.  In order to do that we create a eBPF
-# hash MAP which locks memory.  The default map size for 64 devices together
-# with program takes 12k per guest.  After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
-
-[Install]
-WantedBy=multi-user.target
-Also=virtchd.socket
-Also=virtchd-ro.socket
-Also=virtchd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 32/33] systemd: Improve and unify unit descriptions

[Andrea Bolognani]

Hypervisors are referred to by their user-facing name rather
than the name of their libvirt driver, the monolithic daemon is
explicitly referred to as legacy, and a consistent format is
used throughout.

Signed-off-by: Andrea Bolognani 
---
 src/ch/meson.build| 2 +-
 src/interface/meson.build | 2 +-
 src/libxl/meson.build | 2 +-
 src/locking/meson.build   | 2 +-
 src/locking/virtlockd-admin.socket.in | 2 +-
 src/locking/virtlockd.service.in  | 2 +-
 src/locking/virtlockd.socket.in   | 2 +-
 src/logging/meson.build   | 2 +-
 src/logging/virtlogd-admin.socket.in  | 2 +-
 src/logging/virtlogd.service.in   | 2 +-
 src/logging/virtlogd.socket.in| 2 +-
 src/lxc/meson.build   | 2 +-
 src/network/meson.build   | 2 +-
 src/node_device/meson.build   | 2 +-
 src/nwfilter/meson.build  | 2 +-
 src/qemu/meson.build  | 2 +-
 src/remote/libvirtd-admin.socket.in   | 2 +-
 src/remote/libvirtd-ro.socket.in  | 2 +-
 src/remote/libvirtd-tcp.socket.in | 2 +-
 src/remote/libvirtd-tls.socket.in | 2 +-
 src/remote/libvirtd.service.in| 2 +-
 src/remote/libvirtd.socket.in | 2 +-
 src/remote/meson.build| 4 ++--
 src/secret/meson.build| 2 +-
 src/storage/meson.build   | 2 +-
 src/vbox/meson.build  | 2 +-
 src/virtd-admin.socket.in | 2 +-
 src/virtd-ro.socket.in| 2 +-
 src/virtd-tcp.socket.in   | 2 +-
 src/virtd-tls.socket.in   | 2 +-
 src/virtd.service.in  | 2 +-
 src/virtd.socket.in   | 2 +-
 src/vz/meson.build| 2 +-
 33 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/ch/meson.build b/src/ch/meson.build
index 0ef7288257..df246ef9b0 100644
--- a/src/ch/meson.build
+++ b/src/ch/meson.build
@@ -57,7 +57,7 @@ if conf.has('WITH_CH')
 
   virt_daemon_units += {
 'service': 'virtchd',
-'name': 'Libvirt ch',
+'name': 'Cloud Hypervisor',
 'service_extra_in': files('virtchd.service.extra.in'),
   }
 
diff --git a/src/interface/meson.build b/src/interface/meson.build
index 54c0b1a935..b1617d83e6 100644
--- a/src/interface/meson.build
+++ b/src/interface/meson.build
@@ -44,7 +44,7 @@ if conf.has('WITH_INTERFACE')
 
   virt_daemon_units += {
 'service': 'virtinterfaced',
-'name': 'Libvirt interface',
+'name': 'interface',
   }
 
   openrc_init_files += {
diff --git a/src/libxl/meson.build b/src/libxl/meson.build
index 171d6ca005..8e6f455139 100644
--- a/src/libxl/meson.build
+++ b/src/libxl/meson.build
@@ -66,7 +66,7 @@ if conf.has('WITH_LIBXL')
 
   virt_daemon_units += {
 'service': 'virtxend',
-'name': 'Libvirt libxl',
+'name': 'Xen',
 'service_extra_in': files('virtxend.service.extra.in'),
 'socket_extra_in': files('virtxend.socket.extra.in'),
   }
diff --git a/src/locking/meson.build b/src/locking/meson.build
index 2ccc822ed3..6b3cd781d1 100644
--- a/src/locking/meson.build
+++ b/src/locking/meson.build
@@ -144,7 +144,7 @@ if conf.has('WITH_LIBVIRTD')
   virt_daemon_units += {
 'service': 'virtlockd',
 'service_in': files('virtlockd.service.in'),
-'name': 'Libvirt locking',
+'name': 'locking',
 'sockets': [ 'main', 'admin' ],
 'socket_in': files('virtlockd.socket.in'),
 'socket_admin_in': files('virtlockd-admin.socket.in'),
diff --git a/src/locking/virtlockd-admin.socket.in 
b/src/locking/virtlockd-admin.socket.in
index 0452a0cfdb..ed5b94edba 100644
--- a/src/locking/virtlockd-admin.socket.in
+++ b/src/locking/virtlockd-admin.socket.in
@@ -1,5 +1,5 @@
 [Unit]
-Description=Virtual machine lock manager admin socket
+Description=libvirt locking daemon admin socket
 BindsTo=virtlockd.socket
 After=virtlockd.socket
 
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 20b4b26f35..290a2887a5 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -1,5 +1,5 @@
 [Unit]
-Description=Virtual machine lock manager
+Description=libvirt locking daemon
 BindsTo=virtlockd.socket
 Wants=virtlockd-admin.socket
 After=virtlockd.socket
diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
index 31a576aa16..4eec90a95e 100644
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@@ -1,5 +1,5 @@
 [Unit]
-Description=Virtual machine lock manager socket
+Description=libvirt locking daemon socket
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/virtlockd-sock
diff --git a/src/logging/meson.build b/src/logging/meson.build
index 95d2ef2a3f..1527f91faf 100644
--- a/src/logging/meson.build
+++ b/src/logging/meson.build
@@ -91,7 +91,7 @@ if conf.has('WITH_LIBVIRTD')
   virt_daemon_units += {
 'service': 'virtlogd',
 'service_in': files('virtlogd.service.in'),
-'name': 'Libvirt logging',
+'name': 'logging',

[libvirt PATCH v2 10/33] systemd: Switch virtnwfilterd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/nwfilter/meson.build  |  4 
 src/nwfilter/virtnwfilterd.service.in | 25 -
 2 files changed, 29 deletions(-)
 delete mode 100644 src/nwfilter/virtnwfilterd.service.in

diff --git a/src/nwfilter/meson.build b/src/nwfilter/meson.build
index de672bb827..c091bc3f1b 100644
--- a/src/nwfilter/meson.build
+++ b/src/nwfilter/meson.build
@@ -50,11 +50,7 @@ if conf.has('WITH_NWFILTER')
 
   virt_daemon_units += {
 'service': 'virtnwfilterd',
-'service_in': files('virtnwfilterd.service.in'),
 'name': 'Libvirt nwfilter',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/nwfilter/virtnwfilterd.service.in 
b/src/nwfilter/virtnwfilterd.service.in
deleted file mode 100644
index d6e98240a8..00
--- a/src/nwfilter/virtnwfilterd.service.in
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Virtualization nwfilter daemon
-Conflicts=libvirtd.service
-Requires=virtnwfilterd.socket
-Requires=virtnwfilterd-ro.socket
-Requires=virtnwfilterd-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-Documentation=man:virtnwfilterd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTNWFILTERD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtnwfilterd
-ExecStart=@sbindir@/virtnwfilterd $VIRTNWFILTERD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtnwfilterd.socket
-Also=virtnwfilterd-ro.socket
-Also=virtnwfilterd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 26/33] systemd: Downgrade read-only/admin sockets to Wants

[Andrea Bolognani]

Only the main socket is actually necessary for the service to be
usable.

In the past, we've had security issues that could be exploited via
access to the read-only socket, so a security-minded administrator
might consider disabling all optional sockets. This change makes
such a setup possible.

Note that the services will still try to activate all their
sockets on startup, even if they have been disabled. To make sure
that the optional sockets are never started, they will have to be
masked.

Signed-off-by: Andrea Bolognani 
---
 src/locking/virtlockd.service.in | 2 +-
 src/logging/virtlogd.service.in  | 2 +-
 src/virtd.service.in | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 35924a2ad7..fcf479c3c6 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -1,7 +1,7 @@
 [Unit]
 Description=Virtual machine lock manager
 BindsTo=virtlockd.socket
-Requires=virtlockd-admin.socket
+Wants=virtlockd-admin.socket
 After=virtlockd.socket
 Before=libvirtd.service
 Documentation=man:virtlockd(8)
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index 79d34bc73e..3265ecd6af 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -1,7 +1,7 @@
 [Unit]
 Description=Virtual machine log manager
 BindsTo=virtlogd.socket
-Requires=virtlogd-admin.socket
+Wants=virtlogd-admin.socket
 After=virtlogd.socket
 Before=libvirtd.service
 Documentation=man:virtlogd(8)
diff --git a/src/virtd.service.in b/src/virtd.service.in
index e7f08b4da9..f4f1bc217d 100644
--- a/src/virtd.service.in
+++ b/src/virtd.service.in
@@ -1,8 +1,8 @@
 [Unit]
 Description=@name@ daemon
 BindsTo=@service@.socket
-Requires=@service@-ro.socket
-Requires=@service@-admin.socket
+Wants=@service@-ro.socket
+Wants=@service@-admin.socket
 After=@service@.socket
 Conflicts=libvirtd.service
 After=libvirtd.service
-- 
2.41.0

[libvirt PATCH v2 17/33] systemd: Switch virtxend to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/libxl/meson.build   |  7 ++-
 src/libxl/virtxend.service.extra.in | 12 +++
 src/libxl/virtxend.service.in   | 32 -
 src/libxl/virtxend.socket.extra.in  |  2 ++
 4 files changed, 16 insertions(+), 37 deletions(-)
 create mode 100644 src/libxl/virtxend.service.extra.in
 delete mode 100644 src/libxl/virtxend.service.in
 create mode 100644 src/libxl/virtxend.socket.extra.in

diff --git a/src/libxl/meson.build b/src/libxl/meson.build
index a1553dbe27..171d6ca005 100644
--- a/src/libxl/meson.build
+++ b/src/libxl/meson.build
@@ -66,12 +66,9 @@ if conf.has('WITH_LIBXL')
 
   virt_daemon_units += {
 'service': 'virtxend',
-'service_in': files('virtxend.service.in'),
 'name': 'Libvirt libxl',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
-'deps': 'ConditionPathExists=/proc/xen/capabilities',
+'service_extra_in': files('virtxend.service.extra.in'),
+'socket_extra_in': files('virtxend.socket.extra.in'),
   }
 
   openrc_init_files += {
diff --git a/src/libxl/virtxend.service.extra.in 
b/src/libxl/virtxend.service.extra.in
new file mode 100644
index 00..ba38ba9160
--- /dev/null
+++ b/src/libxl/virtxend.service.extra.in
@@ -0,0 +1,12 @@
+[Unit]
+Wants=virtlockd.socket
+After=remote-fs.target
+After=xencommons.service
+Conflicts=xendomains.service
+ConditionPathExists=/proc/xen/capabilities
+
+[Service]
+KillMode=process
+
+[Install]
+Also=virtlockd.socket
diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in
deleted file mode 100644
index c6a88f7fe9..00
--- a/src/libxl/virtxend.service.in
+++ /dev/null
@@ -1,32 +0,0 @@
-[Unit]
-Description=Virtualization xen daemon
-Conflicts=libvirtd.service
-Requires=virtxend.socket
-Requires=virtxend-ro.socket
-Requires=virtxend-admin.socket
-Wants=virtlockd.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-After=remote-fs.target
-After=xencommons.service
-Conflicts=xendomains.service
-Documentation=man:virtxend(8)
-Documentation=https://libvirt.org
-ConditionPathExists=/proc/xen/capabilities
-
-[Service]
-Type=notify
-Environment=VIRTXEND_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtxend
-ExecStart=@sbindir@/virtxend $VIRTXEND_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-KillMode=process
-
-[Install]
-WantedBy=multi-user.target
-Also=virtlockd.socket
-Also=virtxend.socket
-Also=virtxend-ro.socket
-Also=virtxend-admin.socket
diff --git a/src/libxl/virtxend.socket.extra.in 
b/src/libxl/virtxend.socket.extra.in
new file mode 100644
index 00..c8322efbbc
--- /dev/null
+++ b/src/libxl/virtxend.socket.extra.in
@@ -0,0 +1,2 @@
+[Unit]
+ConditionPathExists=/proc/xen/capabilities
-- 
2.41.0

[libvirt PATCH v2 23/33] systemd: Drop parametrization from libvirtd sockets

[Andrea Bolognani]

Up until now the files have been used as template for most
services, but now that those have been converted to common
templates we can drop parametrization and make it clear that
these files are for libvirtd only.

Signed-off-by: Andrea Bolognani 
---
 src/remote/libvirtd-admin.socket.in | 10 +-
 src/remote/libvirtd-ro.socket.in| 10 +-
 src/remote/libvirtd-tcp.socket.in   |  8 
 src/remote/libvirtd-tls.socket.in   |  8 
 src/remote/libvirtd.socket.in   |  6 +++---
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/src/remote/libvirtd-admin.socket.in 
b/src/remote/libvirtd-admin.socket.in
index 39bb0badea..8d927db63b 100644
--- a/src/remote/libvirtd-admin.socket.in
+++ b/src/remote/libvirtd-admin.socket.in
@@ -1,12 +1,12 @@
 [Unit]
 Description=@name@ admin socket
-Before=@service@.service
-BindsTo=@service@.socket
-After=@service@.socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
 
 [Socket]
-ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock
-Service=@service@.service
+ListenStream=@runstatedir@/libvirt/libvirt-admin-sock
+Service=libvirtd.service
 SocketMode=0600
 
 [Install]
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
index b7b7ae0dd8..cc10190ab4 100644
--- a/src/remote/libvirtd-ro.socket.in
+++ b/src/remote/libvirtd-ro.socket.in
@@ -1,12 +1,12 @@
 [Unit]
 Description=@name@ local read-only socket
-Before=@service@.service
-BindsTo=@service@.socket
-After=@service@.socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
 
 [Socket]
-ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro
-Service=@service@.service
+ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
+Service=libvirtd.service
 SocketMode=0666
 
 [Install]
diff --git a/src/remote/libvirtd-tcp.socket.in 
b/src/remote/libvirtd-tcp.socket.in
index 7c8bcdb525..bc35f19c06 100644
--- a/src/remote/libvirtd-tcp.socket.in
+++ b/src/remote/libvirtd-tcp.socket.in
@@ -1,12 +1,12 @@
 [Unit]
 Description=@name@ non-TLS IP socket
-Before=@service@.service
-BindsTo=@service@.socket
-After=@service@.socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
 
 [Socket]
 ListenStream=16509
-Service=@service@.service
+Service=libvirtd.service
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/remote/libvirtd-tls.socket.in 
b/src/remote/libvirtd-tls.socket.in
index c6dceb2d4e..868a0be318 100644
--- a/src/remote/libvirtd-tls.socket.in
+++ b/src/remote/libvirtd-tls.socket.in
@@ -1,12 +1,12 @@
 [Unit]
 Description=@name@ TLS IP socket
-Before=@service@.service
-BindsTo=@service@.socket
-After=@service@.socket
+Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket
 
 [Socket]
 ListenStream=16514
-Service=@service@.service
+Service=libvirtd.service
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
index aec0708fd4..ea0554546a 100644
--- a/src/remote/libvirtd.socket.in
+++ b/src/remote/libvirtd.socket.in
@@ -1,10 +1,10 @@
 [Unit]
 Description=@name@ local socket
-Before=@service@.service
+Before=libvirtd.service
 
 [Socket]
-ListenStream=@runstatedir@/libvirt/@sockprefix@-sock
-Service=@service@.service
+ListenStream=@runstatedir@/libvirt/libvirt-sock
+Service=libvirtd.service
 SocketMode=@sockmode@
 RemoveOnStop=yes
 
-- 
2.41.0

[libvirt PATCH v2 21/33] systemd: Drop libvirtd_socket*_in values

[Andrea Bolognani]

Now that the migration to common templates has been completed,
we no longer need these.

Signed-off-by: Andrea Bolognani 
---
 src/meson.build | 4 
 1 file changed, 4 deletions(-)

diff --git a/src/meson.build b/src/meson.build
index 0fbefe37d5..541ca61101 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -191,10 +191,6 @@ virt_test_aug_dir = datadir / 'augeas' / 'lenses' / 'tests'
 #   guest unit files to install
 guest_unit_files = []
 
-libvirtd_socket_in = files('remote' / 'libvirtd.socket.in')
-libvirtd_socket_ro_in = files('remote' / 'libvirtd-ro.socket.in')
-libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in')
-
 # virt_daemon_units:
 #   generate libvirt daemon systemd unit files
 #   * service - name of the service (required)
-- 
2.41.0

[libvirt PATCH v2 18/33] systemd: Switch virtlxcd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/lxc/meson.build   |  5 +---
 src/lxc/virtlxcd.service.extra.in | 22 
 src/lxc/virtlxcd.service.in   | 44 ---
 3 files changed, 23 insertions(+), 48 deletions(-)
 create mode 100644 src/lxc/virtlxcd.service.extra.in
 delete mode 100644 src/lxc/virtlxcd.service.in

diff --git a/src/lxc/meson.build b/src/lxc/meson.build
index 531078448c..84e6c313ea 100644
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -164,11 +164,8 @@ if conf.has('WITH_LXC')
 
   virt_daemon_units += {
 'service': 'virtlxcd',
-'service_in': files('virtlxcd.service.in'),
 'name': 'Libvirt lxc',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
+'service_extra_in': files('virtlxcd.service.extra.in'),
   }
 
   openrc_init_files += {
diff --git a/src/lxc/virtlxcd.service.extra.in 
b/src/lxc/virtlxcd.service.extra.in
new file mode 100644
index 00..bc2fef57cc
--- /dev/null
+++ b/src/lxc/virtlxcd.service.extra.in
@@ -0,0 +1,22 @@
+[Unit]
+Wants=systemd-machined.service
+After=systemd-machined.service
+After=remote-fs.target
+
+[Service]
+KillMode=process
+# Raise hard limits to match behaviour of systemd >= 240.
+# During startup, daemon will set soft limit to match hard limit
+# per systemd recommendations
+LimitNOFILE=1024:524288
+# The cgroups pids controller can limit the number of tasks started by
+# the daemon, which can limit the number of domains for some hypervisors.
+# A conservative default of 8 tasks per guest results in a TasksMax of
+# 32k to support 4096 guests.
+TasksMax=32768
+# With cgroups v2 there is no devices controller anymore, we have to use
+# eBPF to control access to devices. In order to do that we create a eBPF
+# hash MAP which locks memory. The default map size for 64 devices together
+# with program takes 12k per guest. After rounding up we will get 64M to
+# support 4096 guests.
+LimitMEMLOCK=64M
diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in
deleted file mode 100644
index ee3a7f1083..00
--- a/src/lxc/virtlxcd.service.in
+++ /dev/null
@@ -1,44 +0,0 @@
-[Unit]
-Description=Virtualization lxc daemon
-Conflicts=libvirtd.service
-Requires=virtlxcd.socket
-Requires=virtlxcd-ro.socket
-Requires=virtlxcd-admin.socket
-Wants=systemd-machined.service
-After=network.target
-After=dbus.service
-After=apparmor.service
-After=remote-fs.target
-After=systemd-machined.service
-Documentation=man:virtlxcd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTLXCD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtlxcd
-ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-# Raise hard limits to match behaviour of systemd >= 240.
-# During startup, daemon will set soft limit to match hard limit
-# per systemd recommendations
-LimitNOFILE=1024:524288
-# The cgroups pids controller can limit the number of tasks started by
-# the daemon, which can limit the number of domains for some hypervisors.
-# A conservative default of 8 tasks per guest results in a TasksMax of
-# 32k to support 4096 guests.
-TasksMax=32768
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices.  In order to do that we create a eBPF
-# hash MAP which locks memory.  The default map size for 64 devices together
-# with program takes 12k per guest.  After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
-
-[Install]
-WantedBy=multi-user.target
-Also=virtlxcd.socket
-Also=virtlxcd-ro.socket
-Also=virtlxcd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 25/33] systemd: Replace Requires with BindTo+After for main socket

[Andrea Bolognani]

This is the strongest relationship that can be declared between
two units, and causes the service to be terminated immediately
if its main socket disappears. This is the behavior we want.

Note that we don't do the same for the read-only/admin sockets,
because those are not as critical for the core functionality of
services as the main socket it.

Signed-off-by: Andrea Bolognani 
---
 src/locking/virtlockd.service.in | 3 ++-
 src/logging/virtlogd.service.in  | 3 ++-
 src/virtd.service.in | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 9e91fa3261..35924a2ad7 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -1,7 +1,8 @@
 [Unit]
 Description=Virtual machine lock manager
-Requires=virtlockd.socket
+BindsTo=virtlockd.socket
 Requires=virtlockd-admin.socket
+After=virtlockd.socket
 Before=libvirtd.service
 Documentation=man:virtlockd(8)
 Documentation=https://libvirt.org
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index 97c942ffb0..79d34bc73e 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -1,7 +1,8 @@
 [Unit]
 Description=Virtual machine log manager
-Requires=virtlogd.socket
+BindsTo=virtlogd.socket
 Requires=virtlogd-admin.socket
+After=virtlogd.socket
 Before=libvirtd.service
 Documentation=man:virtlogd(8)
 Documentation=https://libvirt.org
diff --git a/src/virtd.service.in b/src/virtd.service.in
index 60ab122cbc..e7f08b4da9 100644
--- a/src/virtd.service.in
+++ b/src/virtd.service.in
@@ -1,8 +1,9 @@
 [Unit]
 Description=@name@ daemon
-Requires=@service@.socket
+BindsTo=@service@.socket
 Requires=@service@-ro.socket
 Requires=@service@-admin.socket
+After=@service@.socket
 Conflicts=libvirtd.service
 After=libvirtd.service
 After=network.target
-- 
2.41.0

[libvirt PATCH v2 29/33] systemd: Drop Before=foo.service from sockets

[Andrea Bolognani]

systemd will automatically infer this dependency based on the
socket's Service=foo.service setting.

Signed-off-by: Andrea Bolognani 
Reviewed-by: Daniel P. Berrangé 
---
 src/remote/libvirtd-admin.socket.in | 1 -
 src/remote/libvirtd-ro.socket.in| 1 -
 src/remote/libvirtd-tcp.socket.in   | 1 -
 src/remote/libvirtd-tls.socket.in   | 1 -
 src/remote/libvirtd.socket.in   | 1 -
 src/virtd-admin.socket.in   | 1 -
 src/virtd-ro.socket.in  | 1 -
 src/virtd-tcp.socket.in | 1 -
 src/virtd-tls.socket.in | 1 -
 src/virtd.socket.in | 1 -
 10 files changed, 10 deletions(-)

diff --git a/src/remote/libvirtd-admin.socket.in 
b/src/remote/libvirtd-admin.socket.in
index 8d927db63b..098e372971 100644
--- a/src/remote/libvirtd-admin.socket.in
+++ b/src/remote/libvirtd-admin.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ admin socket
-Before=libvirtd.service
 BindsTo=libvirtd.socket
 After=libvirtd.socket
 
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
index cc10190ab4..101555e8a0 100644
--- a/src/remote/libvirtd-ro.socket.in
+++ b/src/remote/libvirtd-ro.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ local read-only socket
-Before=libvirtd.service
 BindsTo=libvirtd.socket
 After=libvirtd.socket
 
diff --git a/src/remote/libvirtd-tcp.socket.in 
b/src/remote/libvirtd-tcp.socket.in
index bc35f19c06..8b8fbcd01a 100644
--- a/src/remote/libvirtd-tcp.socket.in
+++ b/src/remote/libvirtd-tcp.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ non-TLS IP socket
-Before=libvirtd.service
 BindsTo=libvirtd.socket
 After=libvirtd.socket
 
diff --git a/src/remote/libvirtd-tls.socket.in 
b/src/remote/libvirtd-tls.socket.in
index 868a0be318..fefda22c6b 100644
--- a/src/remote/libvirtd-tls.socket.in
+++ b/src/remote/libvirtd-tls.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ TLS IP socket
-Before=libvirtd.service
 BindsTo=libvirtd.socket
 After=libvirtd.socket
 
diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
index ea0554546a..3019821df3 100644
--- a/src/remote/libvirtd.socket.in
+++ b/src/remote/libvirtd.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ local socket
-Before=libvirtd.service
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/libvirt-sock
diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in
index 42cc1f670f..63db2be5fe 100644
--- a/src/virtd-admin.socket.in
+++ b/src/virtd-admin.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ admin socket
-Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
 Conflicts=libvirtd-admin.socket
diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in
index 7b8cbdba20..32e4789b8b 100644
--- a/src/virtd-ro.socket.in
+++ b/src/virtd-ro.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ local read-only socket
-Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
 Conflicts=libvirtd-ro.socket
diff --git a/src/virtd-tcp.socket.in b/src/virtd-tcp.socket.in
index 9fe90ed0a0..10480d64e3 100644
--- a/src/virtd-tcp.socket.in
+++ b/src/virtd-tcp.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ non-TLS IP socket
-Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
 Conflicts=libvirtd-tcp.socket
diff --git a/src/virtd-tls.socket.in b/src/virtd-tls.socket.in
index bb89daddb5..83a1e343bc 100644
--- a/src/virtd-tls.socket.in
+++ b/src/virtd-tls.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ TLS IP socket
-Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
 Conflicts=libvirtd-tls.socket
diff --git a/src/virtd.socket.in b/src/virtd.socket.in
index 053dc1c782..d0a0bb3b1c 100644
--- a/src/virtd.socket.in
+++ b/src/virtd.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=@name@ local socket
-Before=@service@.service
 Conflicts=libvirtd.socket
 After=libvirtd.socket
 
-- 
2.41.0

[libvirt PATCH v2 27/33] systemd: Augment Requires/Wants with After

[Andrea Bolognani]

Requires/Wants only tells systemd that the corresponding unit
should be started when the current one is, but that could very
well happen in parallel. For virtlogd/virtlockd, we want the
socket to be already active when the hypervisor driver is
started.

Signed-off-by: Andrea Bolognani 
Reviewed-by: Daniel P. Berrangé 
---
 src/libxl/virtxend.service.extra.in | 1 +
 src/locking/virtlockd.service.in| 1 +
 src/logging/virtlogd.service.in | 1 +
 src/qemu/virtqemud.service.extra.in | 2 ++
 src/remote/libvirtd.service.in  | 7 ++-
 src/virtd.service.in| 2 ++
 6 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/libxl/virtxend.service.extra.in 
b/src/libxl/virtxend.service.extra.in
index ba38ba9160..55783aa3d5 100644
--- a/src/libxl/virtxend.service.extra.in
+++ b/src/libxl/virtxend.service.extra.in
@@ -1,5 +1,6 @@
 [Unit]
 Wants=virtlockd.socket
+After=virtlockd.socket
 After=remote-fs.target
 After=xencommons.service
 Conflicts=xendomains.service
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index fcf479c3c6..e0a7040ad3 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -3,6 +3,7 @@ Description=Virtual machine lock manager
 BindsTo=virtlockd.socket
 Wants=virtlockd-admin.socket
 After=virtlockd.socket
+After=virtlockd-admin.socket
 Before=libvirtd.service
 Documentation=man:virtlockd(8)
 Documentation=https://libvirt.org
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index 3265ecd6af..eab0d2c27c 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -3,6 +3,7 @@ Description=Virtual machine log manager
 BindsTo=virtlogd.socket
 Wants=virtlogd-admin.socket
 After=virtlogd.socket
+After=virtlogd-admin.socket
 Before=libvirtd.service
 Documentation=man:virtlogd(8)
 Documentation=https://libvirt.org
diff --git a/src/qemu/virtqemud.service.extra.in 
b/src/qemu/virtqemud.service.extra.in
index eaf616f575..585e1e82eb 100644
--- a/src/qemu/virtqemud.service.extra.in
+++ b/src/qemu/virtqemud.service.extra.in
@@ -1,6 +1,8 @@
 [Unit]
 Requires=virtlogd.socket
 Wants=virtlockd.socket
+After=virtlogd.socket
+After=virtlockd.socket
 Wants=systemd-machined.service
 After=systemd-machined.service
 After=remote-fs.target
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 8839c00a15..a2c3c8f8fa 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -1,13 +1,18 @@
 [Unit]
 Description=Virtualization daemon
-Requires=virtlogd.socket
 # Use Wants instead of Requires so that users
 # can disable these three .socket units to revert
 # to a traditional non-activation deployment setup
 Wants=libvirtd.socket
 Wants=libvirtd-ro.socket
 Wants=libvirtd-admin.socket
+After=libvirtd.socket
+After=libvirtd-ro.socket
+After=libvirtd-admin.socket
+Requires=virtlogd.socket
 Wants=virtlockd.socket
+After=virtlogd.socket
+After=virtlockd.socket
 Wants=systemd-machined.service
 After=network.target
 After=dbus.service
diff --git a/src/virtd.service.in b/src/virtd.service.in
index f4f1bc217d..e1a5814b13 100644
--- a/src/virtd.service.in
+++ b/src/virtd.service.in
@@ -4,6 +4,8 @@ BindsTo=@service@.socket
 Wants=@service@-ro.socket
 Wants=@service@-admin.socket
 After=@service@.socket
+After=@service@-ro.socket
+After=@service@-admin.socket
 Conflicts=libvirtd.service
 After=libvirtd.service
 After=network.target
-- 
2.41.0

[libvirt PATCH v2 07/33] systemd: Use common templates by default

[Andrea Bolognani]

All services are still listing their input files explicitly, so
no changes to the output files will occur yet.

Signed-off-by: Andrea Bolognani 
---
 src/meson.build | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/meson.build b/src/meson.build
index 02c92621ba..0fbefe37d5 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -201,8 +201,8 @@ libvirtd_socket_admin_in = files('remote' / 
'libvirtd-admin.socket.in')
 #   * name - socket description (required)
 #   * sockprefix - socket prefix name (optional, default unit['service'])
 #   * sockets - array of additional sockets (optional, default [ 'main', 'ro', 
'admin' ])
-#   * service_in - service source file (optional, default 
remote/libvirtd.service.in)
-#   * socket_$name_in - additional socket source files (optional, default 
remote/libvirtd.socket.in )
+#   * service_in - service source file (optional, default virtd.service.in)
+#   * socket_$name_in - additional socket source files (optional, default 
virtd.socket.in or virtd-$name.socket.in)
 #   * service_extra_in - unit to merge with service_in (optional, default None)
 #   * socket_extra_in - unit to merge with socket_$name_in (optional, default 
None)
 #   * deps - socket dependencies (optional, default '')
@@ -809,7 +809,7 @@ if conf.has('WITH_LIBVIRTD')
   sockmode = '0600'
 endif
 
-service_in_default = 'remote' / 'libvirtd.service.in'
+service_in_default = 'virtd.service.in'
 
 foreach unit : virt_daemon_units
   unit_conf = configuration_data({
@@ -847,11 +847,11 @@ if conf.has('WITH_LIBVIRTD')
 
   foreach socket : unit.get('sockets', [ 'main', 'ro', 'admin' ])
 if socket == 'main'
-  socket_in_default = 'remote' / 'libvirtd.socket.in'
+  socket_in_default = 'virtd.socket.in'
   socket_in = unit.get('socket_in', socket_in_default)
   socket_out = '@0@.socket'.format(unit['service'])
 else
-  socket_in_default = 'remote' / 
'libvirtd-@0...@.socket.in'.format(socket)
+  socket_in_default = 'virtd-@0...@.socket.in'.format(socket)
   socket_in = unit.get('socket_@0@_in'.format(socket), 
socket_in_default)
   socket_out = '@0@-@1@.socket'.format(unit['service'], socket)
 endif
-- 
2.41.0

[libvirt PATCH v2 14/33] systemd: Switch virtvboxd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/vbox/meson.build|  5 +
 src/vbox/virtvboxd.service.extra.in |  2 ++
 src/vbox/virtvboxd.service.in   | 26 --
 3 files changed, 3 insertions(+), 30 deletions(-)
 create mode 100644 src/vbox/virtvboxd.service.extra.in
 delete mode 100644 src/vbox/virtvboxd.service.in

diff --git a/src/vbox/meson.build b/src/vbox/meson.build
index 2d6b71ab8f..ee6efbdb42 100644
--- a/src/vbox/meson.build
+++ b/src/vbox/meson.build
@@ -57,11 +57,8 @@ if conf.has('WITH_VBOX')
 
   virt_daemon_units += {
 'service': 'virtvboxd',
-'service_in': files('virtvboxd.service.in'),
 'name': 'Libvirt vbox',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
+'service_extra_in': files('virtvboxd.service.extra.in'),
   }
 
   openrc_init_files += {
diff --git a/src/vbox/virtvboxd.service.extra.in 
b/src/vbox/virtvboxd.service.extra.in
new file mode 100644
index 00..ba3ad13ace
--- /dev/null
+++ b/src/vbox/virtvboxd.service.extra.in
@@ -0,0 +1,2 @@
+[Unit]
+After=remote-fs.target
diff --git a/src/vbox/virtvboxd.service.in b/src/vbox/virtvboxd.service.in
deleted file mode 100644
index a567ed2443..00
--- a/src/vbox/virtvboxd.service.in
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Virtualization vbox daemon
-Conflicts=libvirtd.service
-Requires=virtvboxd.socket
-Requires=virtvboxd-ro.socket
-Requires=virtvboxd-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-After=remote-fs.target
-Documentation=man:virtvboxd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTVBOXD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtvboxd
-ExecStart=@sbindir@/virtvboxd $VIRTVBOXD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtvboxd.socket
-Also=virtvboxd-ro.socket
-Also=virtvboxd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 06/33] systemd: Introduce common templates

[Andrea Bolognani]

We already use templating to generate sockets, which are all
based off libvirtd's. Push the idea further, and extend it to
cover services as well.

This is more challenging, as the various modular daemons each have
their own needs in terms of what system services needs to be
available before they can be started, which other components of
libvirt they depend on, and so on.

In order to make this sort of per-service tweaks possible, we
introduce a Python script that can merge two systemd units
together. The script is aware of the semantics of systemd's unit
definition format, so it can intelligently merge sections
together.

This generic systemd unit merging mechanism will also supersede
the extremely ad-hoc @deps@ variable, which is currently used in
a single scenario.

Signed-off-by: Andrea Bolognani 
---
 scripts/merge-systemd-units.py | 91 ++
 scripts/meson.build|  1 +
 src/meson.build| 22 
 src/virtd-admin.socket.in  | 13 +
 src/virtd-ro.socket.in | 13 +
 src/virtd-tcp.socket.in| 12 +
 src/virtd-tls.socket.in| 12 +
 src/virtd.service.in   | 25 ++
 src/virtd.socket.in| 12 +
 9 files changed, 201 insertions(+)
 create mode 100755 scripts/merge-systemd-units.py
 create mode 100644 src/virtd-admin.socket.in
 create mode 100644 src/virtd-ro.socket.in
 create mode 100644 src/virtd-tcp.socket.in
 create mode 100644 src/virtd-tls.socket.in
 create mode 100644 src/virtd.service.in
 create mode 100644 src/virtd.socket.in

diff --git a/scripts/merge-systemd-units.py b/scripts/merge-systemd-units.py
new file mode 100755
index 00..136bc8d416
--- /dev/null
+++ b/scripts/merge-systemd-units.py
@@ -0,0 +1,91 @@
+#!/usr/bin/env python3
+
+import sys
+
+SECTIONS = [
+'[Unit]',
+'[Service]',
+'[Socket]',
+'[Install]',
+]
+
+
+def parse_unit(unit_path):
+unit = {}
+current_section = '[Invalid]'
+
+with open(unit_path) as f:
+for line in f:
+line = line.strip()
+
+if line == '':
+continue
+
+if line[0] == '[' and line[-1] == ']':
+if line not in SECTIONS:
+print('Unknown section {}'.format(line))
+sys.exit(1)
+
+current_section = line
+continue
+
+if current_section not in unit:
+unit[current_section] = []
+
+unit[current_section].append(line)
+
+if '[Invalid]' in unit:
+print('Contents found outside of any section')
+sys.exit(1)
+
+return unit
+
+
+def format_unit(unit):
+lines = []
+
+for section in SECTIONS:
+if section not in unit:
+continue
+
+lines.append(section)
+
+for line in unit[section]:
+lines.append(line)
+
+lines.append('')
+
+return '\n'.join(lines)
+
+
+def merge_units(base, extra):
+merged = {}
+
+for section in SECTIONS:
+if section in extra and section not in base:
+print('Section {} in extra but not in base'.format(section))
+sys.exit(1)
+
+if section not in base:
+continue
+
+merged[section] = base[section]
+
+if section not in extra:
+continue
+
+merged[section].extend(extra[section])
+
+return merged
+
+
+if len(sys.argv) < 2:
+print('usage: {} BASE EXTRA'.format(sys.argv[0]))
+sys.exit(1)
+
+base = parse_unit(sys.argv[1])
+extra = parse_unit(sys.argv[2])
+
+merged = merge_units(base, extra)
+
+sys.stdout.write(format_unit(merged))
diff --git a/scripts/meson.build b/scripts/meson.build
index 05b71184f1..65fd1e21c5 100644
--- a/scripts/meson.build
+++ b/scripts/meson.build
@@ -19,6 +19,7 @@ scripts = [
   'header-ifdef.py',
   'hvsupport.py',
   'hyperv_wmi_generator.py',
+  'merge-systemd-units.py',
   'meson-dist.py',
   'meson-gen-authors.py',
   'meson-gen-def.py',
diff --git a/src/meson.build b/src/meson.build
index 2fbf98b9fe..02c92621ba 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -203,6 +203,8 @@ libvirtd_socket_admin_in = files('remote' / 
'libvirtd-admin.socket.in')
 #   * sockets - array of additional sockets (optional, default [ 'main', 'ro', 
'admin' ])
 #   * service_in - service source file (optional, default 
remote/libvirtd.service.in)
 #   * socket_$name_in - additional socket source files (optional, default 
remote/libvirtd.socket.in )
+#   * service_extra_in - unit to merge with service_in (optional, default None)
+#   * socket_extra_in - unit to merge with socket_$name_in (optional, default 
None)
 #   * deps - socket dependencies (optional, default '')
 virt_daemon_units = []
 
@@ -817,6 +819,7 @@ if conf.has('WITH_LIBVIRTD')
 'initconfdir': initconfdir,
 'name': unit['name'],
 'service': unit['service'],
+'SERVICE': unit['service'].to_upper(),
 'sockprefix': unit.get('sockp

[libvirt PATCH v2 04/33] systemd: Introduce temporary libvirtd_socket*_in values

[Andrea Bolognani]

These will be useful during the upcoming migration to common
templates for systemd units and will be dropped as soon as all
services have been converted.

Signed-off-by: Andrea Bolognani 
---
 src/meson.build | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/meson.build b/src/meson.build
index b7c2076c04..2fbf98b9fe 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -191,6 +191,10 @@ virt_test_aug_dir = datadir / 'augeas' / 'lenses' / 'tests'
 #   guest unit files to install
 guest_unit_files = []
 
+libvirtd_socket_in = files('remote' / 'libvirtd.socket.in')
+libvirtd_socket_ro_in = files('remote' / 'libvirtd-ro.socket.in')
+libvirtd_socket_admin_in = files('remote' / 'libvirtd-admin.socket.in')
+
 # virt_daemon_units:
 #   generate libvirt daemon systemd unit files
 #   * service - name of the service (required)
-- 
2.41.0

[libvirt PATCH v2 13/33] systemd: Switch virtstoraged to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/storage/meson.build   |  5 +
 src/storage/virtstoraged.service.extra.in |  3 +++
 src/storage/virtstoraged.service.in   | 27 ---
 3 files changed, 4 insertions(+), 31 deletions(-)
 create mode 100644 src/storage/virtstoraged.service.extra.in
 delete mode 100644 src/storage/virtstoraged.service.in

diff --git a/src/storage/meson.build b/src/storage/meson.build
index e0a1e9f4de..fb7feea81d 100644
--- a/src/storage/meson.build
+++ b/src/storage/meson.build
@@ -111,11 +111,8 @@ if conf.has('WITH_STORAGE')
 
   virt_daemon_units += {
 'service': 'virtstoraged',
-'service_in': files('virtstoraged.service.in'),
 'name': 'Libvirt storage',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
+'service_extra_in': files('virtstoraged.service.extra.in'),
   }
 
   openrc_init_files += {
diff --git a/src/storage/virtstoraged.service.extra.in 
b/src/storage/virtstoraged.service.extra.in
new file mode 100644
index 00..d134ae18da
--- /dev/null
+++ b/src/storage/virtstoraged.service.extra.in
@@ -0,0 +1,3 @@
+[Unit]
+After=iscsid.service
+After=remote-fs.target
diff --git a/src/storage/virtstoraged.service.in 
b/src/storage/virtstoraged.service.in
deleted file mode 100644
index 235fbc6798..00
--- a/src/storage/virtstoraged.service.in
+++ /dev/null
@@ -1,27 +0,0 @@
-[Unit]
-Description=Virtualization storage daemon
-Conflicts=libvirtd.service
-Requires=virtstoraged.socket
-Requires=virtstoraged-ro.socket
-Requires=virtstoraged-admin.socket
-After=network.target
-After=dbus.service
-After=iscsid.service
-After=apparmor.service
-After=remote-fs.target
-Documentation=man:virtstoraged(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTSTORAGED_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtstoraged
-ExecStart=@sbindir@/virtstoraged $VIRTSTORAGED_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtstoraged.socket
-Also=virtstoraged-ro.socket
-Also=virtstoraged-admin.socket
-- 
2.41.0

[libvirt PATCH v2 12/33] systemd: Switch virtnetworkd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/network/meson.build   |  5 +
 src/network/virtnetworkd.service.extra.in |  2 ++
 src/network/virtnetworkd.service.in   | 26 ---
 3 files changed, 3 insertions(+), 30 deletions(-)
 create mode 100644 src/network/virtnetworkd.service.extra.in
 delete mode 100644 src/network/virtnetworkd.service.in

diff --git a/src/network/meson.build b/src/network/meson.build
index 2e51d5d47b..ed7707c714 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -62,11 +62,8 @@ if conf.has('WITH_NETWORK')
 
   virt_daemon_units += {
 'service': 'virtnetworkd',
-'service_in': files('virtnetworkd.service.in'),
 'name': 'Libvirt network',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
+'service_extra_in': files('virtnetworkd.service.extra.in'),
   }
 
   openrc_init_files += {
diff --git a/src/network/virtnetworkd.service.extra.in 
b/src/network/virtnetworkd.service.extra.in
new file mode 100644
index 00..9fcabf652d
--- /dev/null
+++ b/src/network/virtnetworkd.service.extra.in
@@ -0,0 +1,2 @@
+[Service]
+KillMode=process
diff --git a/src/network/virtnetworkd.service.in 
b/src/network/virtnetworkd.service.in
deleted file mode 100644
index 3d7374715d..00
--- a/src/network/virtnetworkd.service.in
+++ /dev/null
@@ -1,26 +0,0 @@
-[Unit]
-Description=Virtualization network daemon
-Conflicts=libvirtd.service
-Requires=virtnetworkd.socket
-Requires=virtnetworkd-ro.socket
-Requires=virtnetworkd-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-Documentation=man:virtnetworkd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTNETWORKD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtnetworkd
-ExecStart=@sbindir@/virtnetworkd $VIRTNETWORKD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-KillMode=process
-
-[Install]
-WantedBy=multi-user.target
-Also=virtnetworkd.socket
-Also=virtnetworkd-ro.socket
-Also=virtnetworkd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 05/33] systemd: Provide all input files explicitly

[Andrea Bolognani]

We're about to change the defaults and start migrating to common
templates: in order to be able to switch units over one at a
time, make the input files that are currently used explicit
rather than implicit.

Signed-off-by: Andrea Bolognani 
---
 src/ch/meson.build  |  3 +++
 src/interface/meson.build   |  3 +++
 src/libxl/meson.build   |  3 +++
 src/lxc/meson.build |  3 +++
 src/network/meson.build |  3 +++
 src/node_device/meson.build |  3 +++
 src/nwfilter/meson.build|  3 +++
 src/qemu/meson.build|  3 +++
 src/remote/meson.build  | 10 ++
 src/secret/meson.build  |  3 +++
 src/storage/meson.build |  3 +++
 src/vbox/meson.build|  3 +++
 src/vz/meson.build  |  3 +++
 13 files changed, 46 insertions(+)

diff --git a/src/ch/meson.build b/src/ch/meson.build
index 936b9bc95a..dc08069dcd 100644
--- a/src/ch/meson.build
+++ b/src/ch/meson.build
@@ -59,6 +59,9 @@ if conf.has('WITH_CH')
 'service': 'virtchd',
 'service_in': files('virtchd.service.in'),
 'name': 'Libvirt ch',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   virt_install_dirs += [
diff --git a/src/interface/meson.build b/src/interface/meson.build
index 06c5241fa3..6fa65117c3 100644
--- a/src/interface/meson.build
+++ b/src/interface/meson.build
@@ -46,6 +46,9 @@ if conf.has('WITH_INTERFACE')
 'service': 'virtinterfaced',
 'service_in': files('virtinterfaced.service.in'),
 'name': 'Libvirt interface',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/libxl/meson.build b/src/libxl/meson.build
index db8ccde38e..a1553dbe27 100644
--- a/src/libxl/meson.build
+++ b/src/libxl/meson.build
@@ -68,6 +68,9 @@ if conf.has('WITH_LIBXL')
 'service': 'virtxend',
 'service_in': files('virtxend.service.in'),
 'name': 'Libvirt libxl',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
 'deps': 'ConditionPathExists=/proc/xen/capabilities',
   }
 
diff --git a/src/lxc/meson.build b/src/lxc/meson.build
index a8773f64a5..531078448c 100644
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -166,6 +166,9 @@ if conf.has('WITH_LXC')
 'service': 'virtlxcd',
 'service_in': files('virtlxcd.service.in'),
 'name': 'Libvirt lxc',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/network/meson.build b/src/network/meson.build
index 40abfaef7e..2e51d5d47b 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -64,6 +64,9 @@ if conf.has('WITH_NETWORK')
 'service': 'virtnetworkd',
 'service_in': files('virtnetworkd.service.in'),
 'name': 'Libvirt network',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/node_device/meson.build b/src/node_device/meson.build
index 47d9f63600..dd60b1f819 100644
--- a/src/node_device/meson.build
+++ b/src/node_device/meson.build
@@ -54,6 +54,9 @@ if conf.has('WITH_NODE_DEVICES')
 'service': 'virtnodedevd',
 'service_in': files('virtnodedevd.service.in'),
 'name': 'Libvirt nodedev',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/nwfilter/meson.build b/src/nwfilter/meson.build
index 5efdee7189..de672bb827 100644
--- a/src/nwfilter/meson.build
+++ b/src/nwfilter/meson.build
@@ -52,6 +52,9 @@ if conf.has('WITH_NWFILTER')
 'service': 'virtnwfilterd',
 'service_in': files('virtnwfilterd.service.in'),
 'name': 'Libvirt nwfilter',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index afa9139d9a..b52497bdf0 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -185,6 +185,9 @@ if conf.has('WITH_QEMU')
 'service': 'virtqemud',
 'service_in': files('virtqemud.service.in'),
 'name': 'Libvirt qemu',
+'socket_in': libvirtd_socket_in,
+'socket_ro_in': libvirtd_socket_ro_in,
+'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/remote/meson.build b/src/remote/meson.build
index dc2f528d0b..78c08bf5ad 100644
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -194,6 +194,11 @@ if conf.has('WITH_REMOTE')
   'name': 'Libvirt',
   'sockprefix': 'libvirt',
   'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],
+  'socket_in': files('libvir

[libvirt PATCH v2 02/33] systemd: Introduce service_in/service_out variables

[Andrea Bolognani]

They're similar to the existing socket_in/socket_out variables
and will make future changes nicer.

Signed-off-by: Andrea Bolognani 
---
 src/meson.build | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/meson.build b/src/meson.build
index 6c85cc9b9b..c6728cc8f8 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -816,9 +816,12 @@ if conf.has('WITH_LIBVIRTD')
 'sockmode': sockmode,
   })
 
+  service_in = unit['service_in']
+  service_out = '@0@.service'.format(unit['service'])
+
   configure_file(
-input: unit['service_in'],
-output: '@0@.service'.format(unit['service']),
+input: service_in,
+output: service_out,
 configuration: unit_conf,
 install: true,
 install_dir: systemd_unit_dir,
-- 
2.41.0

[libvirt PATCH v2 11/33] systemd: Switch virtsecretd to common templates

[Andrea Bolognani]

Signed-off-by: Andrea Bolognani 
---
 src/secret/meson.build|  4 
 src/secret/virtsecretd.service.in | 25 -
 2 files changed, 29 deletions(-)
 delete mode 100644 src/secret/virtsecretd.service.in

diff --git a/src/secret/meson.build b/src/secret/meson.build
index 58e47c22e8..e05b46abea 100644
--- a/src/secret/meson.build
+++ b/src/secret/meson.build
@@ -33,11 +33,7 @@ if conf.has('WITH_SECRETS')
 
   virt_daemon_units += {
 'service': 'virtsecretd',
-'service_in': files('virtsecretd.service.in'),
 'name': 'Libvirt secret',
-'socket_in': libvirtd_socket_in,
-'socket_ro_in': libvirtd_socket_ro_in,
-'socket_admin_in': libvirtd_socket_admin_in,
   }
 
   openrc_init_files += {
diff --git a/src/secret/virtsecretd.service.in 
b/src/secret/virtsecretd.service.in
deleted file mode 100644
index 3804fe553b..00
--- a/src/secret/virtsecretd.service.in
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Virtualization secret daemon
-Conflicts=libvirtd.service
-Requires=virtsecretd.socket
-Requires=virtsecretd-ro.socket
-Requires=virtsecretd-admin.socket
-After=network.target
-After=dbus.service
-After=apparmor.service
-Documentation=man:virtsecretd(8)
-Documentation=https://libvirt.org
-
-[Service]
-Type=notify
-Environment=VIRTSECRETD_ARGS="--timeout 120"
-EnvironmentFile=-@initconfdir@/virtsecretd
-ExecStart=@sbindir@/virtsecretd $VIRTSECRETD_ARGS
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Also=virtsecretd.socket
-Also=virtsecretd-ro.socket
-Also=virtsecretd-admin.socket
-- 
2.41.0

[libvirt PATCH v2 03/33] systemd: Make @service_in@ optional

[Andrea Bolognani]

It is currently considered required, but we're soon going to
provide a default that will be suitable for most services.

Since all services currently provide a value explicitly, we
can implement a default without breaking anything.

Signed-off-by: Andrea Bolognani 
---
 src/meson.build | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/meson.build b/src/meson.build
index c6728cc8f8..b7c2076c04 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -194,10 +194,10 @@ guest_unit_files = []
 # virt_daemon_units:
 #   generate libvirt daemon systemd unit files
 #   * service - name of the service (required)
-#   * service_in - service source file (required)
 #   * name - socket description (required)
 #   * sockprefix - socket prefix name (optional, default unit['service'])
 #   * sockets - array of additional sockets (optional, default [ 'main', 'ro', 
'admin' ])
+#   * service_in - service source file (optional, default 
remote/libvirtd.service.in)
 #   * socket_$name_in - additional socket source files (optional, default 
remote/libvirtd.socket.in )
 #   * deps - socket dependencies (optional, default '')
 virt_daemon_units = []
@@ -803,6 +803,8 @@ if conf.has('WITH_LIBVIRTD')
   sockmode = '0600'
 endif
 
+service_in_default = 'remote' / 'libvirtd.service.in'
+
 foreach unit : virt_daemon_units
   unit_conf = configuration_data({
 'runstatedir': runstatedir,
@@ -816,7 +818,7 @@ if conf.has('WITH_LIBVIRTD')
 'sockmode': sockmode,
   })
 
-  service_in = unit['service_in']
+  service_in = unit.get('service_in', service_in_default)
   service_out = '@0@.service'.format(unit['service'])
 
   configure_file(
-- 
2.41.0

[libvirt PATCH v2 33/33] systemd: Move Documentation lines

[Andrea Bolognani]

Like the Description, these are intended to be displayed to the
user, so it makes sense to have them towards the top of the file
before all the information that systemd will parse to calculate
dependencies.

Signed-off-by: Andrea Bolognani 
Reviewed-by: Daniel P. Berrangé 
---
 src/locking/virtlockd.service.in | 4 ++--
 src/logging/virtlogd.service.in  | 4 ++--
 src/remote/libvirtd.service.in   | 4 ++--
 src/virtd.service.in | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 290a2887a5..ce00b6def9 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -1,11 +1,11 @@
 [Unit]
 Description=libvirt locking daemon
+Documentation=man:virtlockd(8)
+Documentation=https://libvirt.org/
 BindsTo=virtlockd.socket
 Wants=virtlockd-admin.socket
 After=virtlockd.socket
 After=virtlockd-admin.socket
-Documentation=man:virtlockd(8)
-Documentation=https://libvirt.org
 
 [Service]
 Type=notify
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index 4289ef1cb4..52c9e5bb9e 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -1,11 +1,11 @@
 [Unit]
 Description=libvirt logging daemon
+Documentation=man:virtlogd(8)
+Documentation=https://libvirt.org/
 BindsTo=virtlogd.socket
 Wants=virtlogd-admin.socket
 After=virtlogd.socket
 After=virtlogd-admin.socket
-Documentation=man:virtlogd(8)
-Documentation=https://libvirt.org
 
 [Service]
 Type=notify
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 9e303f29c8..24a6712b75 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -1,5 +1,7 @@
 [Unit]
 Description=libvirt legacy monolithic daemon
+Documentation=man:libvirtd(8)
+Documentation=https://libvirt.org/
 # Use Wants instead of Requires so that users
 # can disable these three .socket units to revert
 # to a traditional non-activation deployment setup
@@ -22,8 +24,6 @@ After=remote-fs.target
 After=systemd-machined.service
 After=xencommons.service
 Conflicts=xendomains.service
-Documentation=man:libvirtd(8)
-Documentation=https://libvirt.org
 
 [Service]
 Type=notify
diff --git a/src/virtd.service.in b/src/virtd.service.in
index 91ac4478bd..651a8d82d7 100644
--- a/src/virtd.service.in
+++ b/src/virtd.service.in
@@ -1,5 +1,7 @@
 [Unit]
 Description=libvirt @name@ daemon
+Documentation=man:@service@(8)
+Documentation=https://libvirt.org/
 BindsTo=@service@.socket
 Wants=@service@-ro.socket
 Wants=@service@-admin.socket
@@ -11,8 +13,6 @@ After=libvirtd.service
 After=network.target
 After=dbus.service
 After=apparmor.service
-Documentation=man:@service@(8)
-Documentation=https://libvirt.org
 
 [Service]
 Type=notify
-- 
2.41.0

[libvirt PATCH v2 28/33] systemd: Drop Before=libvirtd from virtlogd/virtlockd

[Andrea Bolognani]

We have already declared the mirror relationship, so this one
is now redundant.

Moreover, this version was incomplete: it only ever worked for
the monolithic daemon, but the modular daemons for QEMU and Xen
also want the sockets to be active.

Signed-off-by: Andrea Bolognani 
Reviewed-by: Daniel P. Berrangé 
---
 src/locking/virtlockd-admin.socket.in | 1 -
 src/locking/virtlockd.service.in  | 1 -
 src/locking/virtlockd.socket.in   | 1 -
 src/logging/virtlogd-admin.socket.in  | 1 -
 src/logging/virtlogd.service.in   | 1 -
 src/logging/virtlogd.socket.in| 1 -
 6 files changed, 6 deletions(-)

diff --git a/src/locking/virtlockd-admin.socket.in 
b/src/locking/virtlockd-admin.socket.in
index c66e0f9693..d5ebd7f60b 100644
--- a/src/locking/virtlockd-admin.socket.in
+++ b/src/locking/virtlockd-admin.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=Virtual machine lock manager admin socket
-Before=libvirtd.service
 BindsTo=virtlockd.socket
 After=virtlockd.socket
 
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index e0a7040ad3..20b4b26f35 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -4,7 +4,6 @@ BindsTo=virtlockd.socket
 Wants=virtlockd-admin.socket
 After=virtlockd.socket
 After=virtlockd-admin.socket
-Before=libvirtd.service
 Documentation=man:virtlockd(8)
 Documentation=https://libvirt.org
 
diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
index 4ce75391ae..d2cc2a06a3 100644
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=Virtual machine lock manager socket
-Before=libvirtd.service
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/virtlockd-sock
diff --git a/src/logging/virtlogd-admin.socket.in 
b/src/logging/virtlogd-admin.socket.in
index 5c0fb1880e..67259803ca 100644
--- a/src/logging/virtlogd-admin.socket.in
+++ b/src/logging/virtlogd-admin.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=Virtual machine log manager socket
-Before=libvirtd.service
 BindsTo=virtlogd.socket
 After=virtlogd.socket
 
diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
index eab0d2c27c..776d753e9a 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -4,7 +4,6 @@ BindsTo=virtlogd.socket
 Wants=virtlogd-admin.socket
 After=virtlogd.socket
 After=virtlogd-admin.socket
-Before=libvirtd.service
 Documentation=man:virtlogd(8)
 Documentation=https://libvirt.org
 
diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
index ff3e66e09b..7b3fc73773 100644
--- a/src/logging/virtlogd.socket.in
+++ b/src/logging/virtlogd.socket.in
@@ -1,6 +1,5 @@
 [Unit]
 Description=Virtual machine log manager socket
-Before=libvirtd.service
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/virtlogd-sock
-- 
2.41.0

[libvirt PATCH v2 31/33] systemd: Add RemoveOnStop=yes to all sockets

[Andrea Bolognani]

Currently we only set this for the main sockets, which means
that

  $ systemctl stop virtqemud.socket

will make the socket disappear from the filesystem while

  $ systemctl stop virtqemud-ro.socket

won't. Get rid of this inconsistency.

Signed-off-by: Andrea Bolognani 
---
 src/locking/virtlockd-admin.socket.in | 1 +
 src/locking/virtlockd.socket.in   | 1 +
 src/logging/virtlogd-admin.socket.in  | 1 +
 src/logging/virtlogd.socket.in| 1 +
 src/remote/libvirtd-admin.socket.in   | 1 +
 src/remote/libvirtd-ro.socket.in  | 1 +
 src/virtd-admin.socket.in | 1 +
 src/virtd-ro.socket.in| 1 +
 8 files changed, 8 insertions(+)

diff --git a/src/locking/virtlockd-admin.socket.in 
b/src/locking/virtlockd-admin.socket.in
index d05ba982d9..0452a0cfdb 100644
--- a/src/locking/virtlockd-admin.socket.in
+++ b/src/locking/virtlockd-admin.socket.in
@@ -7,6 +7,7 @@ After=virtlockd.socket
 ListenStream=@runstatedir@/libvirt/virtlockd-admin-sock
 Service=virtlockd.service
 SocketMode=0600
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
index 98aabb2511..31a576aa16 100644
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@@ -5,6 +5,7 @@ Description=Virtual machine lock manager socket
 ListenStream=@runstatedir@/libvirt/virtlockd-sock
 Service=virtlockd.service
 SocketMode=0600
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/logging/virtlogd-admin.socket.in 
b/src/logging/virtlogd-admin.socket.in
index 75ec7bd5fa..ddb9a1393b 100644
--- a/src/logging/virtlogd-admin.socket.in
+++ b/src/logging/virtlogd-admin.socket.in
@@ -7,6 +7,7 @@ After=virtlogd.socket
 ListenStream=@runstatedir@/libvirt/virtlogd-admin-sock
 Service=virtlogd.service
 SocketMode=0600
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
index b044d62e7c..084cbe179d 100644
--- a/src/logging/virtlogd.socket.in
+++ b/src/logging/virtlogd.socket.in
@@ -5,6 +5,7 @@ Description=Virtual machine log manager socket
 ListenStream=@runstatedir@/libvirt/virtlogd-sock
 Service=virtlogd.service
 SocketMode=0600
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/remote/libvirtd-admin.socket.in 
b/src/remote/libvirtd-admin.socket.in
index 6df038d95a..e0bbf9b1ac 100644
--- a/src/remote/libvirtd-admin.socket.in
+++ b/src/remote/libvirtd-admin.socket.in
@@ -7,6 +7,7 @@ After=libvirtd.socket
 ListenStream=@runstatedir@/libvirt/libvirt-admin-sock
 Service=libvirtd.service
 SocketMode=0600
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
index 6797517c50..c8adc8109b 100644
--- a/src/remote/libvirtd-ro.socket.in
+++ b/src/remote/libvirtd-ro.socket.in
@@ -7,6 +7,7 @@ After=libvirtd.socket
 ListenStream=@runstatedir@/libvirt/libvirt-sock-ro
 Service=libvirtd.service
 SocketMode=0666
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/virtd-admin.socket.in b/src/virtd-admin.socket.in
index 5a5f577041..818d4ab84f 100644
--- a/src/virtd-admin.socket.in
+++ b/src/virtd-admin.socket.in
@@ -9,6 +9,7 @@ After=libvirtd-admin.socket
 ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock
 Service=@service@.service
 SocketMode=0600
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
diff --git a/src/virtd-ro.socket.in b/src/virtd-ro.socket.in
index 692279665d..57b313e016 100644
--- a/src/virtd-ro.socket.in
+++ b/src/virtd-ro.socket.in
@@ -9,6 +9,7 @@ After=libvirtd-ro.socket
 ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro
 Service=@service@.service
 SocketMode=0666
+RemoveOnStop=yes
 
 [Install]
 WantedBy=sockets.target
-- 
2.41.0

[libvirt PATCH v2 22/33] systemd: Drop @deps@

[Andrea Bolognani]

It's no longer used anywhere.

Signed-off-by: Andrea Bolognani 
---
 src/meson.build | 2 --
 src/remote/libvirtd-admin.socket.in | 1 -
 src/remote/libvirtd-ro.socket.in| 1 -
 src/remote/libvirtd-tcp.socket.in   | 1 -
 src/remote/libvirtd-tls.socket.in   | 1 -
 src/remote/libvirtd.socket.in   | 1 -
 6 files changed, 7 deletions(-)

diff --git a/src/meson.build b/src/meson.build
index 541ca61101..144f24e526 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -201,7 +201,6 @@ guest_unit_files = []
 #   * socket_$name_in - additional socket source files (optional, default 
virtd.socket.in or virtd-$name.socket.in)
 #   * service_extra_in - unit to merge with service_in (optional, default None)
 #   * socket_extra_in - unit to merge with socket_$name_in (optional, default 
None)
-#   * deps - socket dependencies (optional, default '')
 virt_daemon_units = []
 
 # openrc_init_files
@@ -817,7 +816,6 @@ if conf.has('WITH_LIBVIRTD')
 'service': unit['service'],
 'SERVICE': unit['service'].to_upper(),
 'sockprefix': unit.get('sockprefix', unit['service']),
-'deps': unit.get('deps', ''),
 'sockmode': sockmode,
   })
 
diff --git a/src/remote/libvirtd-admin.socket.in 
b/src/remote/libvirtd-admin.socket.in
index 01e1a08939..39bb0badea 100644
--- a/src/remote/libvirtd-admin.socket.in
+++ b/src/remote/libvirtd-admin.socket.in
@@ -3,7 +3,6 @@ Description=@name@ admin socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
-@deps@
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/@sockprefix@-admin-sock
diff --git a/src/remote/libvirtd-ro.socket.in b/src/remote/libvirtd-ro.socket.in
index 58ae1beb95..b7b7ae0dd8 100644
--- a/src/remote/libvirtd-ro.socket.in
+++ b/src/remote/libvirtd-ro.socket.in
@@ -3,7 +3,6 @@ Description=@name@ local read-only socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
-@deps@
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/@sockprefix@-sock-ro
diff --git a/src/remote/libvirtd-tcp.socket.in 
b/src/remote/libvirtd-tcp.socket.in
index 6949df315e..7c8bcdb525 100644
--- a/src/remote/libvirtd-tcp.socket.in
+++ b/src/remote/libvirtd-tcp.socket.in
@@ -3,7 +3,6 @@ Description=@name@ non-TLS IP socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
-@deps@
 
 [Socket]
 ListenStream=16509
diff --git a/src/remote/libvirtd-tls.socket.in 
b/src/remote/libvirtd-tls.socket.in
index ada2b871f0..c6dceb2d4e 100644
--- a/src/remote/libvirtd-tls.socket.in
+++ b/src/remote/libvirtd-tls.socket.in
@@ -3,7 +3,6 @@ Description=@name@ TLS IP socket
 Before=@service@.service
 BindsTo=@service@.socket
 After=@service@.socket
-@deps@
 
 [Socket]
 ListenStream=16514
diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
index e6e903a8ce..aec0708fd4 100644
--- a/src/remote/libvirtd.socket.in
+++ b/src/remote/libvirtd.socket.in
@@ -1,7 +1,6 @@
 [Unit]
 Description=@name@ local socket
 Before=@service@.service
-@deps@
 
 [Socket]
 ListenStream=@runstatedir@/libvirt/@sockprefix@-sock
-- 
2.41.0

[libvirt PATCH] docs: Go bindings release at the same time as the C library

[Andrea Bolognani]

The actual versioning policy[1] is a bit more nuanced, and in
particular there are scenarios in which the monthly release
is intentionally skipped, but overall it's not inaccurate to
claim that the release cadence of the Go bindings follows the
one of the C library.

[1] https://gitlab.com/libvirt/libvirt-go-module/-/blob/master/VERSIONING.rst

Signed-off-by: Andrea Bolognani 
---
 docs/downloads.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/downloads.rst b/docs/downloads.rst
index c7d4237f66..d3deec554d 100644
--- a/docs/downloads.rst
+++ b/docs/downloads.rst
@@ -261,7 +261,7 @@ The core libvirt module follows a time based plan, with 
releases made once a
 month on the 1st of each month give or take a few days. The only exception is 
at
 the start of the year where there are two 6 weeks gaps (first release in the
 middle of Jan, then skip the Feb release), giving a total of 11 releases a 
year.
-The Python and Perl modules will aim to release at the same time as the core
+The Python, Perl and Go modules will aim to release at the same time as the 
core
 libvirt module. Other modules have independent ad-hoc releases with no fixed
 time schedule.
 
-- 
2.41.0

[libvirt PATCH 6/7] docs: testtck: Add a clear note on libvirt + Perl bindings dependency

[Erik Skultety]

It's mentioned in an earlier paragraph that Perl bindings in correct
version are needed, but there's no note about libvirt even though it
should be obvious. So make a clear note on that and while at it, do
mention the possibility to get upstream libvirt RPMs from GitLab CI
artifacts if users don't feel like building everything on their own.

Signed-off-by: Erik Skultety 
---
 docs/testtck.rst | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/docs/testtck.rst b/docs/testtck.rst
index 89760e3f63..f57af61aa8 100644
--- a/docs/testtck.rst
+++ b/docs/testtck.rst
@@ -73,6 +73,12 @@ Again, for further details on how to update ``lcitool`` 
virtual machines,
 please refer to
 `Updating VMs with a given project dependencies 
`__
 
+Note that lcitool only installs build dependencies, so as mentioned above 
you'll
+need both libvirt **and** libvirt Perl bindings installed in order to be able
+to run TCK. You can (depending on use case) either build both inside the VM and
+install manually or install the corresponding RPMs from GitLab CI build
+artifacts.
+
 We also recommend executing TCK using the Avocado framework as the test harness
 engine which means that you'll have to install Avocado in the test environment
 as well. You can get it either from
-- 
2.41.0

[libvirt PATCH 5/7] docs: testing: Adjust the docs on how to run container workloads locally

[Erik Skultety]

The fact that we need ci/helper script to run the workloads remains
true, but the invocation has changed as of commit eb41e456 . We also
extracted GitLab job specs into a standalone ci/jobs.sh script which
allows execution of any container job we run in upstream CI locally,
unlike the original functionality which only allowed builds, tests and
shell (although important to say it could be adjusted with the right
meson/ninja args).
lcitool also became mandatory as it enables the container execution
which replaced a Makefile we used to have for this purpose.

Signed-off-by: Erik Skultety 
---
 docs/testing.rst | 37 +
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/docs/testing.rst b/docs/testing.rst
index a597c3ed07..9ca47072ba 100644
--- a/docs/testing.rst
+++ b/docs/testing.rst
@@ -48,11 +48,17 @@ Running container builds with GitLab CI
 As long as your GitLab account has CI minutes available, pipelines will run
 automatically on every branch push to your fork.
 
-Running container builds locally
-
+Running container jobs locally
+~~
 
-In order to run container builds locally, we have a ``helper`` script inside
-the ``ci`` directory that can pull, build, and test (if applicable) changes on
+GitLab CI configuration file is the only source of truth when it comes to
+various job specifications we execute as part of the upstream pipeline.
+Luckily, all "script" (i.e. Bash scripts) were extracted to standalone Shell
+functions in ``ci/jobs.sh``. This allows users to run any of the container
+GitLab job specifications locally by just referencing the job name.
+
+When it comes to actually running the GitLab jobs locally, we have a
+``ci/helper`` script can pull, build, and test (if applicable) changes on
 your current local branch. It supports both the Docker and Podman runtimes
 with an automatic selection of whichever runtime is configured on your system.
 In case neither has been enabled/configured, please go through the following
@@ -130,12 +136,27 @@ the default libvirt registry:
 fedora-rawhide-cross-mingw64
 ...
 
-Now let's say one would want to build their local libvirt changes on Alpine
-Edge using their own GitLab's registry container. They'd then proceed with
+Now, let's say one would want to run the ``website`` job from GitLab on Debian
+11. This is how a GitLab job specification can be referenced on ``ci/helper``'s
+command line:
 
 ::
 
-$ ci/helper build --image-prefix registry.gitlab.com//libvirt/ci- 
alpine-edge
+$ ci/helper run --job website debian-10
+
+What if you want to run an rpmbuild of libvirt on an RPM distro?
+
+::
+
+$ ci/helper run --job rpmbuild fedora-38
+
+Want to use your own, say alpine-edge, container image from your GitLab
+container registry?
+Proceed with the following:
+
+::
+
+$ ci/helper run --job build --image-prefix 
registry.gitlab.com//libvirt/ci- alpine-edge
 
 Finally, it would be nice if one could get an interactive shell inside the
 test environment to debug potential build issues. This can be achieved with the
@@ -143,7 +164,7 @@ following:
 
 ::
 
-$ ci/helper shell alpine-edge
+$ ci/helper run --job shell alpine-edge
 
 
 Integration tests
-- 
2.41.0

[libvirt PATCH 1/7] docs: ci-runners: Add a note on a new runner registration process

[Erik Skultety]

The documented process should be updated to reflect the new process
once GitLab transitions to it completely and drops the old process
involving registration tokens as hinted by the note.

Signed-off-by: Erik Skultety 
---
 docs/ci-runners.rst | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/docs/ci-runners.rst b/docs/ci-runners.rst
index fd5fdd121a..4a93f0e872 100644
--- a/docs/ci-runners.rst
+++ b/docs/ci-runners.rst
@@ -54,6 +54,16 @@ configurations on the GitLab UI.  Navigate to:
  * *Runners activated for this project*, then
  * Click on the *Edit* icon (next to the *Lock* Icon)
 
+*Note: GitLab has changed the runner registration process deprecating the use 
of
+registration tokens in future versions, so while the above process is still
+applicable (though the settings are now a bit more hidden) at the time of 
writing
+this note (09/2023), GitLab v18.0+ is planned to completely switch to a new
+process (see the links below), deleting the use of registration tokens.*
+
+ * https://gitlab.com/gitlab-org/gitlab/-/issues/380872
+ * https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
+ * 
https://docs.gitlab.com/ee/ci/runners/runners_scope.html#create-a-shared-runner-with-a-runner-authentication-token
+
 Don't forget to add a tag to your runner as these are used to route specific
 jobs to specific runners, e.g. if a job in ``ci/integration.yml`` looked like
 this ::
-- 
2.41.0

[libvirt PATCH 4/7] docs: testtck: Improve the documentation on how to get a VM from lcitool

[Erik Skultety]

While wording is still correct to this day, we have already added more
features to lcitool and documented it properly in its repo. Make sure
that we refer the users to lcitool's doc material for further details
on how VMs can be installed locally.
Use the opportunity to bump the OS distro target from Fedora 36 -> 38.

Signed-off-by: Erik Skultety 
---
 docs/testtck.rst | 23 +--
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/docs/testtck.rst b/docs/testtck.rst
index d7f5483b5f..89760e3f63 100644
--- a/docs/testtck.rst
+++ b/docs/testtck.rst
@@ -48,20 +48,31 @@ available through the system package manager and some will 
likely need to be
 installed from CPAN (Perl's equivalent of Python's PyPI). Here's where
 `libvirt-ci's `__ lcitool can help
 with preparing a test environment in a fresh VM, taking care of the
-dependencies along the way:
+dependencies along the way. A simple example of getting a machine from lcitool
+would be:
 
 ::
 
-$ lcitool install --target fedora-36 tck-fedora36 --wait
+$ lcitool install --target fedora-38 tck-fedora38 --wait
 
-would get you a new Fedora 36 VM named ``tck-fedora36``. Then
+would get you a new Fedora 38 VM named ``tck-fedora38``. There are different
+ways of getting a fresh local VM with ``lcitool``, so please refer to
+`Installing local VMs 
`__
+for further details, especially to utilize vendor cloud images for this
+purpose.
+
+Once you have a fresh virtual machine, you need to pre-install it with all
+necessary build dependencies to be able to build libvirt, libvirt Perl bindings
+and run the TCK test suite inside it. You'd do that by running
 
 ::
 
-$ lcitool update tck-fedora36 libvirt,libvirt-perl,libvirt-tck+runtime
+$ lcitool update tck-fedora38 libvirt,libvirt-perl,libvirt-tck+runtime
+
+Again, for further details on how to update ``lcitool`` virtual machines,
+please refer to
+`Updating VMs with a given project dependencies 
`__
 
-will install all the necessary dependencies to build libvirt, the corresponding
-Perl bindings and all TCK runtime dependencies to be able to execute the tests.
 We also recommend executing TCK using the Avocado framework as the test harness
 engine which means that you'll have to install Avocado in the test environment
 as well. You can get it either from
-- 
2.41.0

[libvirt PATCH 2/7] docs: ci: Update the description on the integration CI GitLab variables

[Erik Skultety]

This patch mainly fixes an unfinished sentence that was supposed to
describe the LIBVIRT_CI_INTEGRATION_RUNNER_TAG variable, but took the
opportunity to update the description of the other variable too.

Signed-off-by: Erik Skultety 
---
 docs/ci.rst | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/ci.rst b/docs/ci.rst
index ee85018c49..f3911d84ca 100644
--- a/docs/ci.rst
+++ b/docs/ci.rst
@@ -31,8 +31,12 @@ see below.
 GitLab CI variables
 ---
 
-* ``LIBVIRT_CI_INTEGRATION`` - enables integration test runs manually or in 
forks
-* ``LIBVIRT_CI_INTEGRATION_RUNNER_TAG`` - overrides the upstream runner tag on 
the
+* ``LIBVIRT_CI_INTEGRATION`` - enables integration test suite execution as part
+of the pipeline (works in forks too if there's a registered shared runner)
+* ``LIBVIRT_CI_INTEGRATION_RUNNER_TAG`` - overrides the gitlab-runner tag for
+the pipeline; this is needed in forks because the default tag only matches
+upstream shared runners which may be (and will be) different from the tags
+defined on shared runners in forks
 
 Retrieving test logs
 
-- 
2.41.0

Re: [PATCH] hw/rdma: Deprecate the pvrdma device and the rdma subsystem

[Markus Armbruster]

Daniel P. Berrangé  writes:

> On Wed, Sep 27, 2023 at 12:49:08PM -0400, James Bottomley wrote:
>> From: James Bottomley 
>> 
>> The Microsoft Simulator (mssim) is the reference emulation platform
>> for the TCG TPM 2.0 specification.
>> 
>> https://github.com/Microsoft/ms-tpm-20-ref.git
>> 
>> It exports a fairly simple network socket based protocol on two
>> sockets, one for command (default 2321) and one for control (default
>> 2322).  This patch adds a simple backend that can speak the mssim
>> protocol over the network.  It also allows the two sockets to be
>> specified on the command line.  The benefits are twofold: firstly it
>> gives us a backend that actually speaks a standard TPM emulation
>> protocol instead of the linux specific TPM driver format of the
>> current emulated TPM backend and secondly, using the microsoft
>> protocol, the end point of the emulator can be anywhere on the
>> network, facilitating the cloud use case where a central TPM service
>> can be used over a control network.
>> 
>> The implementation does basic control commands like power off/on, but
>> doesn't implement cancellation or startup.  The former because
>> cancellation is pretty much useless on a fast operating TPM emulator
>> and the latter because this emulator is designed to be used with OVMF
>> which itself does TPM startup and I wanted to validate that.
>> 
>> To run this, simply download an emulator based on the MS specification
>> (package ibmswtpm2 on openSUSE) and run it, then add these two lines
>> to the qemu command and it will use the emulator.
>> 
>> -tpmdev mssim,id=tpm0 \
>> -device tpm-crb,tpmdev=tpm0 \
>> 
>> to use a remote emulator replace the first line with
>> 
>> -tpmdev 
>> "{'type':'mssim','id':'tpm0','command':{'type':inet,'host':'remote','port':'2321'}}"
>> 
>> tpm-tis also works as the backend.
>> 
>> Signed-off-by: James Bottomley 
>> Acked-by: Markus Armbruster 

[...]

>> diff --git a/backends/tpm/tpm_mssim.c b/backends/tpm/tpm_mssim.c
>> new file mode 100644
>> index 00..b8a12dce04
>> --- /dev/null
>> +++ b/backends/tpm/tpm_mssim.c
>> @@ -0,0 +1,290 @@
>> +/*
>> + * Emulator TPM driver which connects over the mssim protocol
>> + * SPDX-License-Identifier: GPL-2.0-or-later
>> + *
>> + * Copyright (c) 2022
>> + * Author: James Bottomley 
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "qemu/error-report.h"
>> +#include "qemu/sockets.h"
>> +
>> +#include "qapi/clone-visitor.h"
>> +#include "qapi/qapi-visit-tpm.h"
>> +
>> +#include "io/channel-socket.h"
>> +
>> +#include "sysemu/runstate.h"
>> +#include "sysemu/tpm_backend.h"
>> +#include "sysemu/tpm_util.h"
>> +
>> +#include "qom/object.h"
>> +
>> +#include "tpm_int.h"
>> +#include "tpm_mssim.h"
>> +
>> +#define ERROR_PREFIX "TPM mssim Emulator: "
>> +
>> +#define TYPE_TPM_MSSIM "tpm-mssim"
>> +OBJECT_DECLARE_SIMPLE_TYPE(TPMMssim, TPM_MSSIM)
>> +
>> +struct TPMMssim {
>> +TPMBackend parent;
>> +
>> +TPMMssimOptions opts;
>> +
>> +QIOChannelSocket *cmd_qc, *ctrl_qc;
>> +};
>> +
>> +static int tpm_send_ctrl(TPMMssim *t, uint32_t cmd, Error **errp)
>> +{
>> +int ret;
>> +
>> +qio_channel_socket_connect_sync(t->ctrl_qc, t->opts.control, errp);
>
> Need to assign to 'ret' and check for failure here, otherwise the
> next call to write_all will overwrite the useful message in 'errp'
> with a less helpful one.

No, it'll crash :)

An @errp argument must point to a null pointer.  If it doesn't, setting
an error will trip error_setv()'s assertion.

> +cmd = htonl(cmd);
> +ret = qio_channel_write_all(QIO_CHANNEL(t->ctrl_qc),
> +(char *)&cmd, sizeof(cmd), errp);
> +if (ret != 0) {
> +goto out;
> +}

qapi/error.h's big comment advises:

 * Receive and accumulate multiple errors (first one wins):
 * Error *err = NULL, *local_err = NULL;
 * foo(arg, &err);
 * bar(arg, &local_err);
 * error_propagate(&err, local_err);
 * if (err) {
 * handle the error...
 * }
 *
 * Do *not* "optimize" this to
 * Error *err = NULL;
 * foo(arg, &err);
 * bar(arg, &err); // WRONG!
 * if (err) {
 * handle the error...
 * }
 * because this may pass a non-null err to bar().
 *
 * Likewise, do *not*
 * Error *err = NULL;
 * if (cond1) {
 * error_setg(&err, ...);
 * }
 * if (cond2) {
 * error_setg(&err, ...); // WRONG!
 * }
 * because this may pass a non-null err to error_setg().

The quoted code is like the last example, except the error_setg() lurk
within the functions called.

[...]

[libvirt PATCH 7/7] docs: testtck: Expand the 'Run TCK' section on making use of ci/jobs.sh

[Erik Skultety]

Ever since commit 6e9bd600 added a new GitLab job description function
handling the integration test suite process to ci/jobs.sh it should be
mentioned in the docs.
This patch splits the 'Run TCK' section in two, giving user the option
to run the integration test suite in their VM environment the same way
as we do in GitLab CI or execute everything manually.
This patch takes the opportunity to also link to the virtiofs kbase
article to give users a different option to get the local libvirt
repositories to be used in testing inside a VM.

Signed-off-by: Erik Skultety 
---
 docs/testtck.rst | 29 +++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/docs/testtck.rst b/docs/testtck.rst
index f57af61aa8..568899dcdd 100644
--- a/docs/testtck.rst
+++ b/docs/testtck.rst
@@ -90,8 +90,33 @@ in the future we plan on making the TCK internal coupling 
with Avocado tighter.
 Running TCK
 ~~~
 
-Once you have all the dependencies installed, you can then proceed with running
-as root the test suite as root (when running with Avocado):
+Once you have all the dependencies installed, you can then proceed with either
+of the following procedures to execute the test suite as root.
+
+Replicating upstream CI test suite execution locally
+
+
+Similarly to how local container builds utilize the standalone ``ci/jobs.sh``
+script containing functions describing GitLab job definitions it can be
+utilized to run integration test suite as well. In this case, one needs to
+get a copy of their libvirt repository containing the changes to be tested
+inside the VM (either by cloning it manually or sharing the repo e.g. via
+`virtiofs `__). Make sure that the
+user which is going to execute the following has passwordless "sudo" 
permissions
+(lcitool's default "test" user does). Then it's just a matter of running
+
+::
+
+$ source ci/jobs.sh
+$ run_integration
+
+Manual invocation
+^
+
+If you want to have more control over the whole procedure or simply don't want
+to run the exact same steps as libvirt's upstream CI pipeline does in context
+of integration tests then start by cloning the
+`TCK `__ repository and run
 
 ::
 
-- 
2.41.0

[libvirt PATCH 3/7] docs: testtck: Tweak the Avocado command to run TCK test suite

[Erik Skultety]

While we may have needed to run TCK through Avocado by explicitly using
the '--tap' option (still possible), we can get a nice output from
Avocado by default leaving the option out which is exactly what we do
inside GitLab CI environment.

Signed-off-by: Erik Skultety 
---
 docs/testtck.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/testtck.rst b/docs/testtck.rst
index 100a278acd..d7f5483b5f 100644
--- a/docs/testtck.rst
+++ b/docs/testtck.rst
@@ -78,7 +78,7 @@ as root the test suite as root (when running with Avocado):
 
 ::
 
-# avocado --config avocado.config run --tap - ./scripts/
+# avocado --config avocado.config run
 
 from the TCK's git root.
 
-- 
2.41.0

[libvirt PATCH 0/7] docs: ci: Update the CI pages with fresh contents

[Erik Skultety]

While we have already descriptive articles on our GitLab CI, there's recently
been some work on the CI front where a few sections deserve some updates.

Erik Skultety (7):
  docs: ci-runners: Add a note on a new runner registration process
  docs: ci: Update the description on the integration CI GitLab
variables
  docs: testtck: Tweak the Avocado command to run TCK test suite
  docs: testtck: Improve the documentation on how to get a VM from
lcitool
  docs: testing: Adjust the docs on how to run container workloads
locally
  docs: testtck: Add a clear note on libvirt + Perl bindings dependency
  docs: testtck: Expand the 'Run TCK' section on making use of
ci/jobs.sh

 docs/ci-runners.rst | 10 
 docs/ci.rst |  8 --
 docs/testing.rst| 37 ++--
 docs/testtck.rst| 60 ++---
 4 files changed, 96 insertions(+), 19 deletions(-)

-- 
2.41.0

Re: [PATCH] hw/rdma: Deprecate the pvrdma device and the rdma subsystem

[Markus Armbruster]

Wrong thread, please ignore.